diff --git a/.github/workflows/ci_lint.yml b/.github/workflows/ci_lint.yml
index 57de234485..38b290493d 100644
--- a/.github/workflows/ci_lint.yml
+++ b/.github/workflows/ci_lint.yml
@@ -25,3 +25,9 @@ jobs:
       - name: Lint workflows
         run: |
           make lint_workflow
+
+      - name: Ensure SHA pinned actions
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@0901cf7b71c7ea6261ec69a3dc2bd3f9264f893e # v3.0.12
+        with:
+          allowlist: |
+            slsa-framework/slsa-github-generator