diff --git a/.github/workflows/vulnerability-scans.yaml b/.github/workflows/vulnerability-scans.yaml
index de7d777a7..156b3306c 100644
--- a/.github/workflows/vulnerability-scans.yaml
+++ b/.github/workflows/vulnerability-scans.yaml
@@ -49,7 +49,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Scan for vulnerabilities in go code
-        uses: golang/govulncheck-action@v1
+        uses: golang/govulncheck-action@dd3ead030e4f2cf713062f7a3395191802364e13 # v1
         with:
           check-latest: true