diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index a1cb52af31c..2990b5d8915 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,14 @@
 
 version: 2
 updates:
+  - package-ecosystem: docker
+    directory: /tools/docker/envoy-gateway/
+    schedule:
+      interval: weekly
+  - package-ecosystem: docker
+    directory: /site
+    schedule:
+      interval: weekly
   - package-ecosystem: github-actions
     directory: /
     schedule:
diff --git a/site/Dockerfile b/site/Dockerfile
index 4e653452e09..c9763418201 100644
--- a/site/Dockerfile
+++ b/site/Dockerfile
@@ -1,4 +1,4 @@
-FROM klakegg/hugo:ext-alpine
+FROM klakegg/hugo:ext-alpine@sha256:536dd4805d0493ee13bf1f3df3852ed1f26d1625983507c8c56242fc029b44c7
 
 RUN apk add git && \
   git config --global --add safe.directory /src
diff --git a/tools/docker/envoy-gateway/Dockerfile b/tools/docker/envoy-gateway/Dockerfile
index 9d1eeaf5239..08b05307f9f 100644
--- a/tools/docker/envoy-gateway/Dockerfile
+++ b/tools/docker/envoy-gateway/Dockerfile
@@ -1,6 +1,6 @@
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:112a87f19e83c83711cc81ce8ed0b4d79acd65789682a6a272df57c4a0858534
 ARG TARGETPLATFORM
 COPY $TARGETPLATFORM/envoy-gateway /usr/local/bin/