diff --git a/.github/workflows/secrets-scan.yaml b/.github/workflows/secrets-scan.yaml
index ed9e76f..ee00666 100644
--- a/.github/workflows/secrets-scan.yaml
+++ b/.github/workflows/secrets-scan.yaml
@@ -13,12 +13,12 @@ jobs:
     if: ${{ !contains(github.actor, '[bot]') }} # [bot]を含む場合は除外する
     steps:
     - name: Checkout
-      uses: actions/checkout@v4.1.1
+      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
       with:
         ref: ${{ github.head_ref }}
 
     - name: Run Aqua Security Trivy
-      uses: aquasecurity/trivy-action@0.15.0
+      uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
       with:
         scan-type: fs
         scan-ref: . # default