diff --git a/.github/actions/attack/action.yml b/.github/actions/attack/action.yml
index c55be7c..4a343df 100644
--- a/.github/actions/attack/action.yml
+++ b/.github/actions/attack/action.yml
@@ -21,7 +21,7 @@ runs:
     # emits .wapiti/generated_reports/report.html
     # for now, base default scan
     - name: Wapiti Scan
-      uses: gipo355/vuln-docker-scanners-wapiti-action@v1.0.0
+      uses: gipo355/vuln-docker-scanners-wapiti-action@0dbb2fffe2fa6c534b4f142de586e83a5362a06c # v1.0.0
       with:
         target: "http://localhost:8080/tomcat-webapp-boilerplate/app"
         github_token: ${{ inputs.github_token }}