diff --git a/.gitea/workflows/docs.yaml b/.gitea/workflows/docs.yaml
index db61bd1..3a72a15 100644
--- a/.gitea/workflows/docs.yaml
+++ b/.gitea/workflows/docs.yaml
@@ -58,13 +58,13 @@ jobs:
       run: |
         mv artifacts/${{ env.ARTIFACT }} artifacts/wiki.zip
     - name: Upload documentation
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
       with:
         name: wiki.zip
         path: artifacts/wiki.zip
         retention-days: 14
     - name: Upload algolia-indexes
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
       with:
         name: algolia-indexes.zip
         path: artifacts/${{ env.ALGOLIA_ARTIFACT }}
@@ -72,23 +72,23 @@ jobs:
 
   build-docs-container:
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     needs: [docs, preprocess]
     steps:
     - name: Checkout repository
       uses: https://github.com/actions/checkout@v3
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
     - name: Login to Docker Hub
-      uses: docker/login-action@v3
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
       with:
         registry: ${{ github.server_url }}
         username: ${{ github.actor }}
         password: ${{ secrets.REGISTRY_TOKEN }}
     - name: Retrieve docs artifact
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
       with:
         name: wiki.zip
         path: ${{ github.workspace }}
@@ -97,7 +97,7 @@ jobs:
         mkdir .public
         unzip -jo -qq ./wiki.zip/wiki.zip -d .public
     - name: Build and push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
       with:
         context: .
         file: Wiki.Dockerfile
@@ -106,7 +106,7 @@ jobs:
         platforms: linux/amd64,linux/arm64
     - name: Build and push to latest
       if: github.ref_name == 'master'
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
       with:
         context: .
         file: Wiki.Dockerfile
@@ -116,7 +116,7 @@ jobs:
 
   deploy-wiki:
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     needs: [build-docs-container, docs, preprocess]
     steps:
     - name: Deploy Image to CapRrover
diff --git a/.gitea/workflows/server.yaml b/.gitea/workflows/server.yaml
index 7e9532b..069bc5f 100644
--- a/.gitea/workflows/server.yaml
+++ b/.gitea/workflows/server.yaml
@@ -20,7 +20,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Setup dotnet
       uses: https://github.com/actions/setup-dotnet@v3
       with:
@@ -35,10 +35,10 @@ jobs:
   sonarqube:
     needs: build
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     if: github.ref_name == 'master'
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Setup dotnet
       uses: https://github.com/actions/setup-dotnet@v3
       with:
@@ -69,7 +69,7 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Setup dotnet
       uses: https://github.com/actions/setup-dotnet@v3
       with:
@@ -97,10 +97,10 @@ jobs:
 
   container-build:
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     needs: [build, preprocess]
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Setup dotnet
       uses: https://github.com/actions/setup-dotnet@v3
       with:
@@ -108,17 +108,17 @@ jobs:
         # Add support for more platforms with QEMU (optional)
         # https://github.com/docker/setup-qemu-action
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@v3
+      uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
+      uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
     - name: Login to Docker Hub
-      uses: docker/login-action@v3
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
       with:
         registry: ${{ github.server_url }}
         username: ${{ github.actor }}
         password: ${{ secrets.REGISTRY_TOKEN }}
     - name: Build and push
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
       with:
         context: .
         file: Continuity.AuthServer/Dockerfile
@@ -127,7 +127,7 @@ jobs:
         platforms: linux/amd64,linux/arm64
     - name: Build and push to latest
       if: github.ref_name == 'master'
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5
       with:
         context: .
         file: Continuity.AuthServer/Dockerfile
@@ -138,9 +138,9 @@ jobs:
   container-sbom-scan:
     needs: [container-build, preprocess]
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
     - name: Setup dotnet
       uses: https://github.com/actions/setup-dotnet@v3
       with:
@@ -154,7 +154,7 @@ jobs:
         mkdir ~/.docker
         curl -sSfL https://raw.githubusercontent.com/docker/sbom-cli-plugin/main/install.sh | sh -s --
     - name: Login to Docker Hub
-      uses: docker/login-action@v3
+      uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
       with:
         registry: ${{ github.server_url }}
         username: ${{ github.actor }}
@@ -179,9 +179,9 @@ jobs:
   generate-licences:
     needs: [container-build, preprocess]
     runs-on: ubuntu-latest
-    container: catthehacker/ubuntu:act-latest
+    container: catthehacker/ubuntu:act-latest@sha256:a96ff9118eb7ce9aa52c46eb6989d1c0227d31ec19de3ba0d8e0a484773ab4fb
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
       - name: Setup dotnet
         uses: https://github.com/actions/setup-dotnet@v3
         with:
@@ -199,7 +199,7 @@ jobs:
       - name: Package licenses
         run: zip licenses
       - name: Upload licenses
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3
         with:
           name: licenses.zip
           path: artifacts/licenses.zip