diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 05a0b3e96..f2cfcdbf8 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -12,7 +12,7 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
     - name: Scan image with Trivy
       uses: aquasecurity/trivy-action@master
       with: