diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 16559fb0e..774324d04 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -98,5 +98,4 @@ jobs:
             mvn -B clean install --batch-mode -DskipTests
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9ace329d8c0504a5571820cf13ab64d3f59e84fb    # v2.25.2
-          
+        uses: github/codeql-action/analyze@9b7c22c3b39078582fa6d0d8f3841e944ec54582
diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
index a57280868..805e047f8 100644
--- a/.github/workflows/kics.yml
+++ b/.github/workflows/kics.yml
@@ -27,7 +27,7 @@ name: "KICS"
 
 on:
   push:
-    branches: [ main ]
+    branches: [ "main" ]
     paths-ignore:
       - '**/*.md'
       - '**/*.txt'
@@ -76,7 +76,7 @@ jobs:
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@9b7c22c3b39078582fa6d0d8f3841e944ec54582
         with:
           sarif_file: kicsResults/results.sarif
 
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index c66db32a1..c3d0ef709 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -74,7 +74,7 @@ jobs:
           skip-dirs: "deployment/infrastructure/data-consumer/edc-consumer,deployment/infrastructure/data-provider/edc-provider,deployment/infrastructure/data-provider/edc-provider/data-service,deployment/infrastructure/data-provider/registry"  # skip scanning external images.
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@9b7c22c3b39078582fa6d0d8f3841e944ec54582
         if: always()
         with:
           sarif_file: "trivy-results1.sarif"
@@ -112,7 +112,7 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: always()
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@9b7c22c3b39078582fa6d0d8f3841e944ec54582
         with:
           sarif_file: "trivy-results-dpp-frontend.sarif"
 
@@ -158,7 +158,7 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: always()
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@9b7c22c3b39078582fa6d0d8f3841e944ec54582
         with:
           sarif_file: "trivy-results-dpp-backend.sarif"