diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index 507a47a..68c96e8 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -1,5 +1,7 @@
 name: Docker Image CI
 
+permissions: {}
+
 on:
   push:
     tags:
@@ -10,13 +12,13 @@ jobs:
     environment: Docker Image
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
       - name: Set env
         run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
       - name: Build image and CI Scanning
         run: |
           # Build docker image
@@ -39,13 +41,13 @@ jobs:
           #Perform Analysis Sandbox 
           sudo ./twistcli sandbox --address ${{ secrets.PCC_URL }} --token $token --analysis-duration 2m ${{ vars.IMAGE_NAME }}:latest
       - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
           registry: ${{ secrets.DOCKER_REGISTRY }}
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
         with:
           context: .
           push: true