diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f78bf56c40..a603695a91 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -26,6 +26,6 @@ jobs:
       actions: read # for github/codeql-action/init to get workflow details
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/autobuild to send a status report
-    uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@v0.1
+    uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@c903bfe6c668eaba362cde6a7882278bc1564401 # v0.1
     with:
       requested_languages: go,javascript-typescript
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 13c7055881..47d9cc92cf 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -32,7 +32,7 @@ permissions:
 jobs:
   mend:
     if: ${{ github.event.repository.fork == false }}
-    uses: nginxinc/compliance-rules/.github/workflows/mend.yml@v0.1
+    uses: nginxinc/compliance-rules/.github/workflows/mend.yml@c903bfe6c668eaba362cde6a7882278bc1564401 # v0.1
     secrets: inherit
     with:
       product_name: nginx-gateway-fabric_${{ github.ref_name }}