diff --git a/.github/workflows/ci-python.yml b/.github/workflows/ci-python.yml
index 5aee8250..23f25893 100644
--- a/.github/workflows/ci-python.yml
+++ b/.github/workflows/ci-python.yml
@@ -33,9 +33,9 @@ jobs:
           - "3.11"
           - "3.12"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Set up Python ${{ matrix.python-version }}
-        uses: greenbone/actions/poetry@v3
+        uses: greenbone/actions/poetry@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install additional script dependencies
@@ -64,9 +64,9 @@ jobs:
     needs: test
     runs-on: "ubuntu-latest"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Calculate and upload coverage to codecov.io
-        uses: greenbone/actions/coverage-python@v3
+        uses: greenbone/actions/coverage-python@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
@@ -74,9 +74,9 @@ jobs:
     name: Build the documentation
     runs-on: "ubuntu-latest"
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Install poetry and dependencies
-        uses: greenbone/actions/poetry@v3
+        uses: greenbone/actions/poetry@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
       - name: Build docs
         run: |
           cd docs
diff --git a/.github/workflows/codeql-analysis-python.yml b/.github/workflows/codeql-analysis-python.yml
index e426d2bd..ec21f536 100644
--- a/.github/workflows/codeql-analysis-python.yml
+++ b/.github/workflows/codeql-analysis-python.yml
@@ -27,12 +27,12 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 6caa8c32..1737c97c 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -13,15 +13,15 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Login to Dockerhub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Setup container meta information
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         with:
           images: greenbone/gvm-tools
           labels: |
@@ -35,11 +35,11 @@ jobs:
             # set latest for main branch pushes
             type=raw,value=latest,enable={{is_default_branch}}
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
       - name: Build and push Container image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           push: true
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
index 5d0bb41e..2d1fa745 100644
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -13,4 +13,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Report Conventional Commits
-        uses: greenbone/actions/conventional-commits@v3
+        uses: greenbone/actions/conventional-commits@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 36afcc32..c89ebf3e 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -9,4 +9,4 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: 'Dependency Review'
-        uses: greenbone/actions/dependency-review@v3
+        uses: greenbone/actions/dependency-review@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
diff --git a/.github/workflows/deploy-pypi.yml b/.github/workflows/deploy-pypi.yml
index 137ab9ed..92da7385 100644
--- a/.github/workflows/deploy-pypi.yml
+++ b/.github/workflows/deploy-pypi.yml
@@ -14,4 +14,4 @@ jobs:
       url: https://pypi.org/project/gvm-tools/
     steps:
       - name: Build and publish to PyPI
-        uses: greenbone/actions/pypi-upload@v3
+        uses: greenbone/actions/pypi-upload@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11
diff --git a/.github/workflows/sbom-upload.yml b/.github/workflows/sbom-upload.yml
index fefdfeaf..ac9d2063 100644
--- a/.github/workflows/sbom-upload.yml
+++ b/.github/workflows/sbom-upload.yml
@@ -11,4 +11,4 @@ jobs:
       contents: write
     steps:
       - name: 'SBOM upload'
-        uses: greenbone/actions/sbom-upload@v3
+        uses: greenbone/actions/sbom-upload@a1883bd24d2d921426b3f06413e84606ecd43bdd # v3.27.11