diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 3e688a7..3b08aab 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -6,13 +6,21 @@ on:
 pull_request:
 branches: [ "main" ]
 
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - name: Set up JDK 11
- uses: actions/setup-java@v3
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
 with:
 java-version: '11'
 distribution: 'temurin'
@@ -22,7 +30,7 @@ jobs:
 - name: Run tests with jdk 11
 run: mvn -ntp -fae test --file pom.xml
 - name: Set up JDK 17
- uses: actions/setup-java@v3
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
 with:
 java-version: '17'
 distribution: 'temurin'
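Review bot: `egress-policy: audit` on the new harden-runner step only records outbound connections, so a compromised Maven plugin or dependency can still reach any host while `mvn test` runs. Once a few runs have given a baseline, move to `egress-policy: block` with an `allowed-endpoints` list, and record that intent above the step, e.g. `# TODO: switch to egress-policy: block after reviewing the audit baseline`. The pinned checkout step keeps its default credential persistence; adding `with:` and `persist-credentials: false` under it keeps the job token out of `.git/config` while build and test code executes. The SHA pins here and on `actions/setup-java` in the second hunk stay on the v3 line, and nothing in this diff shows an updater (Dependabot or Renovate for `github-actions`), so confirm one exists or the pins will quietly go stale. The `steps` list continues outside both hunks.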