diff --git a/.github/workflows/code-check-identified.yml b/.github/workflows/code-check-identified.yml
index 24e585d..d9c9d7b 100644
--- a/.github/workflows/code-check-identified.yml
+++ b/.github/workflows/code-check-identified.yml
@@ -15,7 +15,7 @@ jobs:
     if: "! contains(github.event.pull_request.labels.*.name, 'dependencies')"
     steps:
     - name: 🧹 Frieza
-      uses: outscale/frieza-github-actions/frieza-clean@master
+      uses: outscale/frieza-github-actions/frieza-clean@68ffd39d7e181f3548369e332242b329b04a3182 # master
       with:
         access_key: ${{ secrets.OSC_ACCESS_KEY }}
         secret_key: ${{ secrets.OSC_SECRET_KEY }}
diff --git a/.github/workflows/cred-scan.yml b/.github/workflows/cred-scan.yml
index 379e37d..1250b99 100644
--- a/.github/workflows/cred-scan.yml
+++ b/.github/workflows/cred-scan.yml
@@ -13,6 +13,6 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
     - name: Scan credentials
-      uses: outscale/cred-scan@main
+      uses: outscale/cred-scan@36ef82cc690d72a17bf0993ab323961f1b1f9c66 # main
       with:
         scan_path: "./"
diff --git a/.github/workflows/github-sanity-scan.yml b/.github/workflows/github-sanity-scan.yml
index 9287ef0..4793f0f 100644
--- a/.github/workflows/github-sanity-scan.yml
+++ b/.github/workflows/github-sanity-scan.yml
@@ -13,6 +13,6 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
     - name: Github sanity scanner
-      uses: outscale/github-sanity-scan@main
+      uses: outscale/github-sanity-scan@380a9927b4be45d9c4f6f66a4e8dfd7cf7b18513 # main
       with:
         no-pull-request-target: true