diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 4519557..4e0df1e 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -15,10 +15,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@82c7e631bb3cdc910f68e98d91270eadf81efc99 # v5.1.0
 with:
 python-version: '3.11'
@@ -29,6 +29,6 @@ jobs:
 run: bandit -r . -f sarif -o bandit-results.sarif --exit-zero
 - name: Upload Bandit SARIF results
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@c7d0eebf0efb81753d773b54ee46f4278db8ab5d # v3.25.12
 with:
 sarif_file: bandit-results.sarif
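Review bot: The three SHA pins (checkout and setup-python in this hunk, upload-sarif in the second hunk) have no visible mechanism to keep them current, so they can fall behind upstream security fixes; no Dependabot or Renovate change appears in this diff. A `.github/dependabot.yml` entry with `package-ecosystem: "github-actions"` would raise update PRs for the pinned SHAs. The trailing `# vX.Y.Z` comments are what reviewers read while the SHA is what actually runs, so each SHA should be checked against the upstream tag before merge. Separately, the checkout step shows no `with:` block, so `persist-credentials` keeps its default and the token stays in the local git config for later steps; `persist-credentials: false` would suit a scan-only job. The job definition starts above this hunk.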
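Review bot: The upload-sarif step needs the `security-events: write` permission, and the job's `permissions:` block, if there is one, lies outside this hunk, so it cannot be confirmed here. If the workflow relies on the default token permissions, declaring `permissions:` at job level with `contents: read` and `security-events: write` would scope the token to what the scan needs. Because `--exit-zero` on the bandit line makes that step succeed regardless of findings, the SARIF upload is the only place results surface, so a failed upload should be treated as a failed scan.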