diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 4877cb9..4231b24 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -24,7 +24,7 @@ jobs:
       id-token: write
     steps:
       - name: Build Custom Image
-        uses: blue-build/github-action@v1.8
+        uses: blue-build/github-action@0658135ebdc49c55d03f7a4564edd0b1ccadaa0b # v1.8
         with:
           recipe: ${{ inputs.recipe }}
           cosign_private_key: ${{ secrets.SIGNING_SECRET }}
diff --git a/Containerfile.act b/Containerfile.act
index eb7351b..92cca5f 100644
--- a/Containerfile.act
+++ b/Containerfile.act
@@ -1,7 +1,7 @@
 # A runner for https://github.com/nektos/act that contains all tools used by the build workflow
 # vim: ft=dockerfile
 
-FROM catthehacker/ubuntu:act-latest
+FROM catthehacker/ubuntu:act-latest@sha256:89367f3c5437699c6b43fa941041725bcc77682a46f2bbe6557541e384d9cedb
 
 # hadolint ignore=DL3008
 RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests \