diff --git a/.github/workflows/static-vol-selfserve-build-deploy.yaml b/.github/workflows/static-vol-selfserve-build-deploy.yaml
index 82aa64284..40a2c9d7c 100644
--- a/.github/workflows/static-vol-selfserve-build-deploy.yaml
+++ b/.github/workflows/static-vol-selfserve-build-deploy.yaml
@@ -17,7 +17,7 @@ env:
 permissions:
   id-token: write   # This is required for requesting the JWT
   contents: read    # This is required for actions/checkout
-  security-events: write
+  # security-events: write
 
 jobs:
 
@@ -29,21 +29,21 @@ jobs:
   security:
     # name: Run security Check
     if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
-    uses: dvsa/.github/.github/workflows/php-security.yml@main
+    uses: dvsa/.github/.github/workflows/php-security.yml@v3.2.0
     secrets:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 
   static-analysis:
     # name: Perform static analysis
     if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
-    uses: dvsa/.github/.github/workflows/php-static.yml@main
+    uses: dvsa/.github/.github/workflows/php-static.yml@v3.2.0
     with:
       php-version: '7.4'
 
   tests:
     # name: Run tests
     if: github.event_name == 'pull_request' && github.event_name != 'pull_request_review'
-    uses: dvsa/.github/.github/workflows/php-tests.yml@main
+    uses: dvsa/.github/.github/workflows/php-tests.yml@v3.2.0
     with:
       php-versions: "[\"7.4\"]"
       fail-fast: false