diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
index 9115830..662e3b9 100644
--- a/.github/workflows/build-and-deploy.yml
+++ b/.github/workflows/build-and-deploy.yml
@@ -23,12 +23,12 @@ jobs:
       run: docker build . -t ghcr.io/${{ github.repository }}:${{ github.sha }} -t ghcr.io/${{ github.repository }}:latest
 
     - name: Scan container for issues
-      uses: Azure/container-scan@v0.1
+      uses: Azure/container-scan@f9af925b897d8af5f7e0026b8bca9346261abc93 # v0.1
       with:
         image-name: ghcr.io/${{ github.repository }}:${{ github.sha }}
 
     - name: Login to GitHub Container Registry
-      uses: docker/login-action@v3.0.0
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
       with:
         registry: ghcr.io
         username: ${{ github.repository_owner }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 63e240e..d76f54d 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,6 +14,6 @@ jobs:
       run: docker build . -t ghcr.io/${{ github.repository }}:${{ github.sha }}
 
     - name: Scan container for issues
-      uses: Azure/container-scan@v0.1
+      uses: Azure/container-scan@f9af925b897d8af5f7e0026b8bca9346261abc93 # v0.1
       with:
         image-name: ghcr.io/${{ github.repository }}:${{ github.sha }}
diff --git a/Dockerfile b/Dockerfile
index b935b6a..02a6cc5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:3.19@sha256:51b67269f354137895d43f3b3d810bfacd3945438e94dc5ac55fdac340352f48
 
 # Non-root user for security purposes.
 #