diff --git a/.github/workflows/container-ci.yml b/.github/workflows/container-ci.yml
index 74f6e73..b917223 100644
--- a/.github/workflows/container-ci.yml
+++ b/.github/workflows/container-ci.yml
@@ -78,7 +78,7 @@ jobs:
 run: docker build -t pgagroal:ci .
 
 - name: Run Trivy filesystem scan
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.31.0
 with:
 scan-type: 'fs'
 scan-ref: '.'
@@ -86,7 +86,7 @@ jobs:
 exit-code: '1'
 
 - name: Run Trivy image scan
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.31.0
 with:
 scan-type: 'image'
 image-ref: 'pgagroal:ci'
@@ -95,13 +95,18 @@ jobs:
 ignore-unfixed: true
 
 - name: Run Trivy config scan
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.31.0
 with:
 scan-type: 'config'
 scan-ref: '.'
 severity: 'CRITICAL,HIGH'
 exit-code: '1'
 
+ - name: Run gitleaks secret scan
+ uses: gitleaks/gitleaks-action@v2
+ env:
+ GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE }}
+
 integration-test:
 name: Integration Test
 needs: [build]
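Review bot: `aquasecurity/trivy-action@0.31.0` in the filesystem-scan step is still a mutable reference, because a release tag can be moved or re-created upstream; the same pin is repeated in the image-scan and config-scan hunks. Whatever the tag resolves to runs inside this job with its workspace and token, so moving off `@master` narrows the exposure but does not close it. Pin each of the three steps to the full commit SHA of the release and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.31.0>  # 0.31.0`. Dependabot or Renovate can keep SHA pins current. The step's `with:` block continues outside the hunk.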
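Review bot: The new gitleaks step passes only `GITLEAKS_LICENSE` in `env`; gitleaks-action v2 also expects `GITHUB_TOKEN` and will not scan pull-request events without it, so add `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` if this workflow runs on pull requests (the triggers are outside the hunk). `gitleaks/gitleaks-action@v2` is a moving major tag and should be pinned to a full commit SHA with the version as a comment, e.g. `uses: gitleaks/gitleaks-action@<full-commit-sha>  # v2`. Repository secrets are not passed to runs triggered from forks, so `GITLEAKS_LICENSE` will be empty there; confirm the step behaves acceptably in that case. The scan can only cover the history the checkout fetched, and the checkout step is not visible in this hunk, so verify its `fetch-depth`.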