diff --git a/.github/workflows/general.security-scan.yaml b/.github/workflows/general.security-scan.yaml
index 0babcc2c0a1..d1b1d21cc80 100644
--- a/.github/workflows/general.security-scan.yaml
+++ b/.github/workflows/general.security-scan.yaml
@@ -43,7 +43,7 @@ jobs:
         severity: 'CRITICAL'
 
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@v1
+      uses: github/codeql-action/upload-sarif@e2cc7cc006b87d43538b16d71752753e7b85224d # tag=v1
       with:
         sarif_file: 'trivy-repo-results.sarif'