diff --git a/.github/workflows/sonar-merge-main.yml b/.github/workflows/sonar-merge-main.yml
index b70fb399d6..d8390b56e6 100644
--- a/.github/workflows/sonar-merge-main.yml
+++ b/.github/workflows/sonar-merge-main.yml
@@ -20,7 +20,7 @@ jobs:
             os: "ubuntu-latest"
             is_pr: "false" 
       - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@latest
+        uses: SonarSource/sonarqube-scan-action@master
         env:
             GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
             SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/sonar-pr.yml b/.github/workflows/sonar-pr.yml
index c7c63eac7e..5f763e8cc4 100644
--- a/.github/workflows/sonar-pr.yml
+++ b/.github/workflows/sonar-pr.yml
@@ -58,7 +58,7 @@ jobs:
           # Need to change source in coverage report because it was generated from another context
           sed -i 's/\/home\/runner\/work\/acapy\/acapy\//\/github\/workspace\//g' test-reports/coverage.xml
       - name: SonarCloud Scan
-        uses: SonarSource/sonarqube-scan-action@latest
+        uses: SonarSource/sonarqube-scan-action@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}