diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 564ca241..d12fceaf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -53,13 +53,13 @@ jobs:
           category: "/language:${{ matrix.language }}"
                     
       - name: CodeQL and Dependabot Report Action
-        uses: rsdmike/github-security-report-action@v3.0.4
+        uses: rsdmike/github-security-report-action@a149b24539044c92786ec39af8ba38c93496495d # v3.0.4
         with:
           template: report
           token: ${{ secrets.SECURITY_TOKEN }}
 
       - name: GitHub Upload Release Artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
         with:
           name: report
           path: |