diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml
index edcc90689..845f03b41 100644
--- a/.github/workflows/quality.yml
+++ b/.github/workflows/quality.yml
@@ -60,7 +60,7 @@ jobs:
 
       - name: SonarQube Scan
         if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) }}
-        uses: SonarSource/sonarqube-scan-action@v6.0.0
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602  # v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.github/workflows/sonar-fork-pr.yml b/.github/workflows/sonar-fork-pr.yml
index 5316dc6bd..01fcfce10 100644
--- a/.github/workflows/sonar-fork-pr.yml
+++ b/.github/workflows/sonar-fork-pr.yml
@@ -138,7 +138,7 @@ jobs:
           fi
 
       - name: SonarQube Scan (fork PR, trusted base)
-        uses: SonarSource/sonarqube-scan-action@v6.0.0
+        uses: SonarSource/sonarqube-scan-action@fd88b7d7ccbaefd23d8f36f73b59db7a3d246602  # v6.0.0
         env:
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}