diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 92348dd..2b620aa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,14 +21,14 @@ jobs:
     steps:
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           persist-credentials: false
           fetch-depth: 0
 
       - name: Log in to the Container registry
         id: docker_login
-        uses: docker/login-action@v2
+        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -36,7 +36,7 @@ jobs:
 
       - name: Build and push Docker image
         id: docker_build_push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@1104d471370f9806843c095c1db02b5a90c5f8b6 # v3
         with:
           context: .
           push: true
diff --git a/Dockerfile b/Dockerfile
index f99247f..2f91378 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:22.04
+FROM ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
 
 LABEL "org.opencontainers.image.source"="https://github.com/pagopa/example-bad-repo-packages"
 LABEL "maintainer"="https://pagopa.it"
diff --git a/Dockerfile.evil b/Dockerfile.evil
index fca7232..3e82159 100644
--- a/Dockerfile.evil
+++ b/Dockerfile.evil
@@ -1,4 +1,4 @@
-FROM alpine:latest
+FROM alpine:latest@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
 
 LABEL "org.opencontainers.image.source"="https://github.com/pagopa/example-bad-repo-packages"
 LABEL "maintainer"="https://pagopa.it"