diff --git a/Dockerfile b/Dockerfile
index af79763..406092b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.19 as builder
+FROM golang:1.19@sha256:3025bf670b8363ec9f1b4c4f27348e6d9b7fec607c47e401e40df816853e743a as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -19,7 +19,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:f41b84cda410b05cc690c2e33d1973a31c6165a2721e2b5343aab50fecb63441
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
diff --git a/ci.Dockerfile b/ci.Dockerfile
index 1c17792..f9a0551 100644
--- a/ci.Dockerfile
+++ b/ci.Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2
 WORKDIR /
 COPY bin/manager .
 USER 65532:65532
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index f95634d..77bc024 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -13,4 +13,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/raffaelespazzoli/vault-config-operator
-  newTag: latest
+  newTag: latest@sha256:742084eff2e6b599563a9dabaf79ab0e9a9319b7f973b9e763b3c5f14321aa11