diff --git a/.github/workflows/dependency_review.yaml b/.github/workflows/dependency_review.yaml
index 273bef7..fd4303a 100644
--- a/.github/workflows/dependency_review.yaml
+++ b/.github/workflows/dependency_review.yaml
@@ -8,8 +8,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       - name: Dependency Review
-        uses: actions/dependency-review-action@v4
+        uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4
         with:
           config-file: it-at-m/.github/workflow-configs/dependency_review.yaml@main
diff --git a/Dockerfile b/Dockerfile
index ae71e59..f780b15 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,6 +3,6 @@
 # please see https://access.redhat.com/documentation/en-us/red_hat_jboss_middleware_for_openshift/3/html/red_hat_java_s2i_for_openshift/
 # All other variations must be approved by KM8
 
-FROM registry.access.redhat.com/ubi9/openjdk-17-runtime:latest
+FROM registry.access.redhat.com/ubi9/openjdk-17-runtime:latest@sha256:3e7490e1bba02c35ec742807d9492cf385bf447e1eee94abb1ef89c62c0a8911
 
 COPY target/*.jar /deployments/application.jar