diff --git a/.github/workflows/check-licenses.yml b/.github/workflows/check-licenses.yml
index b099583..9f578d4 100644
--- a/.github/workflows/check-licenses.yml
+++ b/.github/workflows/check-licenses.yml
@@ -12,8 +12,8 @@ jobs:
   license-3rdparty:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
+      - uses: actions/setup-node@7c12f8017d5436eb855f1ed4399f037a36fbd9e8 # v2.5.2
         with:
           node-version: "12"
       - run: npm i
diff --git a/.github/workflows/review.yml b/.github/workflows/review.yml
index 88ea157..4e29796 100644
--- a/.github/workflows/review.yml
+++ b/.github/workflows/review.yml
@@ -20,7 +20,7 @@ jobs:
   test-post-review-status:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
       - id: review
         uses: ./post-review-status
         with:
@@ -30,7 +30,7 @@ jobs:
   test-post-status-check-feature-branch:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
       - id: security-review
         uses: ./post-review-status
         with:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0eb5e81..3006ccf 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
   test-post-status-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
       - id: status
         uses: ./post-status-check
         with: