diff --git a/.github/workflows/pr_scan.yml b/.github/workflows/pr_scan.yml
index 2d4a51b2..741fd741 100644
--- a/.github/workflows/pr_scan.yml
+++ b/.github/workflows/pr_scan.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Setup Gradle
         uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@f5ce41475b483ad7581884324a6eca9f48f8dcc7 # v1
         with:
           path: ~/.sonar-project.properties/cache
           key: ${{ runner.os }}-sonar-project.properties
diff --git a/Dockerfile b/Dockerfile
index 0ec93a18..356b740f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
-FROM eclipse-temurin:11-jdk-alpine as build
+FROM eclipse-temurin:11-jdk-alpine@sha256:8631bdced20560ea97c24dc5ed6551a5c663155ef3d6d9e0458f52250c2d4d77 as build
 
 WORKDIR /build
 COPY ./samples/spring .
 
-FROM eclipse-temurin:11-jdk-alpine as runtime
+FROM eclipse-temurin:11-jdk-alpine@sha256:8631bdced20560ea97c24dc5ed6551a5c663155ef3d6d9e0458f52250c2d4d77 as runtime
 
 WORKDIR /app
 COPY --from=build /build/build/libs/*.jar /app/app.jar
diff --git a/Dockerfile.test-only b/Dockerfile.test-only
index 8da464d0..d09736bf 100644
--- a/Dockerfile.test-only
+++ b/Dockerfile.test-only
@@ -1,4 +1,4 @@
-FROM amazoncorretto:11
+FROM amazoncorretto:11@sha256:618ed790c8140114910a6630b6ae33d50de82761f5af6b17928bae64fc4dae57
 
 RUN yum update -y --security
 RUN mkdir /app
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 5e79e165..4e6cd7a6 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,12 +1,12 @@
 version: "3.9"
 services:
   mockserverAssertion:
-    image: mockoon/cli:latest
+    image: mockoon/cli:latest@sha256:1b8bad447963a35d8e608cf62cba8a572ae1b2327049f883f4a86d213018c133
     command: [ "--data", "data", "--port", "3000" ]
     volumes:
       - ./e2e/mockoon/mockoonAssertions.json:/data:readonly
   mockserverIDP:
-    image: mockoon/cli:latest
+    image: mockoon/cli:latest@sha256:1b8bad447963a35d8e608cf62cba8a572ae1b2327049f883f4a86d213018c133
     command: [ "--data", "data", "--port", "3001" ]
     volumes:
       - ./e2e/mockoon/mockoonIDP.json:/data:readonly