diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 83ecf7b1..bc03f14e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.1
 
       - name: Set up Python
         uses: actions/setup-python@v6
@@ -48,7 +48,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.1
 
       - name: Set up Python
         uses: actions/setup-python@v6
@@ -139,7 +139,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.1
 
       - name: Set up Python
         uses: actions/setup-python@v6
@@ -232,7 +232,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.1
 
       - name: Set up Python
         uses: actions/setup-python@v6
diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index bb3d969a..6e00e7cd 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -30,7 +30,7 @@ jobs:
 
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Build and push to ghcr.io
         if: ${{ github.actor != 'dependabot[bot]' && (github.event_name == 'push' || !github.event.pull_request.head.repo.fork) }}
@@ -58,7 +58,7 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Docker Login
         run: docker login --username '${{ github.actor }}' --password-stdin ghcr.io <<< "$GHCR_TOKEN"
diff --git a/.github/workflows/sentry_dogfood.yml b/.github/workflows/sentry_dogfood.yml
index e1363aa8..14754a39 100644
--- a/.github/workflows/sentry_dogfood.yml
+++ b/.github/workflows/sentry_dogfood.yml
@@ -16,7 +16,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v6.0.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/validate-pipelines.yml b/.github/workflows/validate-pipelines.yml
index 4bb9827e..25a7c662 100644
--- a/.github/workflows/validate-pipelines.yml
+++ b/.github/workflows/validate-pipelines.yml
@@ -19,7 +19,7 @@ jobs:
         outputs:
             gocd: ${{ steps.changes.outputs.gocd }}
         steps:
-          - uses: actions/checkout@v6
+          - uses: actions/checkout@v6.0.1
           - name: Check for relevant file changes
             uses: getsentry/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
             id: changes
@@ -41,7 +41,7 @@ jobs:
             id-token: "write"
 
         steps:
-            - uses: actions/checkout@v6
+            - uses: actions/checkout@v6.0.1
             - id: 'auth'
               uses: google-github-actions/auth@v3
               with: