diff --git a/.github/workflows/build-backup-tools.yml b/.github/workflows/build-backup-tools.yml
index a4f2fcf..283d453 100644
--- a/.github/workflows/build-backup-tools.yml
+++ b/.github/workflows/build-backup-tools.yml
@@ -26,7 +26,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Calculate docker image tag
         id: set-tag
@@ -37,7 +37,7 @@ jobs:
           echo "tag=$tag" >> $GITHUB_OUTPUT
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -45,7 +45,7 @@ jobs:
 
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.IMAGE_NAME }}
           tags: |
@@ -53,7 +53,7 @@ jobs:
             type=semver,pattern={{version}}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: backup-tools
           tags: "${{ env.IMAGE_NAME }}:${{ steps.set-tag.outputs.tag }}, ${{ env.IMAGE_NAME }}:latest"
diff --git a/.github/workflows/build-cluster-api-provider-outscale.yml b/.github/workflows/build-cluster-api-provider-outscale.yml
index 7aefeac..0f33fb7 100644
--- a/.github/workflows/build-cluster-api-provider-outscale.yml
+++ b/.github/workflows/build-cluster-api-provider-outscale.yml
@@ -29,7 +29,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout outscale/cluster-api-provider-outscale code
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           fetch-depth: 0
           repository: 'outscale/cluster-api-provider-outscale'
@@ -56,7 +56,7 @@ jobs:
           REGISTRY: ${{ env.REGISTRY_BASE_PATH }}
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
diff --git a/.github/workflows/build-k8s-tools.yml b/.github/workflows/build-k8s-tools.yml
index 0cb5223..94444dd 100644
--- a/.github/workflows/build-k8s-tools.yml
+++ b/.github/workflows/build-k8s-tools.yml
@@ -26,7 +26,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Calculate docker image tag
         id: set-tag
@@ -37,7 +37,7 @@ jobs:
           echo "tag=$tag" >> $GITHUB_OUTPUT
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -45,7 +45,7 @@ jobs:
 
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.IMAGE_NAME }}
           tags: |
@@ -53,7 +53,7 @@ jobs:
             type=semver,pattern={{version}}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: k8s-tools
           tags: "${{ env.IMAGE_NAME }}:${{ steps.set-tag.outputs.tag }}, ${{ env.IMAGE_NAME }}:latest"
diff --git a/.github/workflows/build-outscale-cli.yml b/.github/workflows/build-outscale-cli.yml
index 6c54749..476c7f3 100644
--- a/.github/workflows/build-outscale-cli.yml
+++ b/.github/workflows/build-outscale-cli.yml
@@ -26,7 +26,7 @@ jobs:
       packages: write
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 
       - name: Calculate docker image tag
         id: set-tag
@@ -37,7 +37,7 @@ jobs:
           echo "tag=$tag" >> $GITHUB_OUTPUT
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
@@ -45,7 +45,7 @@ jobs:
 
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.IMAGE_NAME }}
           tags: |
@@ -53,7 +53,7 @@ jobs:
             type=semver,pattern={{version}}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5
         with:
           context: outscale-cli
           tags: "${{ env.IMAGE_NAME }}:${{ steps.set-tag.outputs.tag }}, ${{ env.IMAGE_NAME }}:latest"
diff --git a/backup-tools/Dockerfile b/backup-tools/Dockerfile
index f8519b0..b459e4e 100644
--- a/backup-tools/Dockerfile
+++ b/backup-tools/Dockerfile
@@ -1,7 +1,7 @@
 #
 # Base image
 #
-FROM --platform=linux/amd64 debian:12-slim
+FROM --platform=linux/amd64 debian:12-slim@sha256:96e378d7e6531ac9a15ad505478fcc2e69f371b10f5cdf87857c4b8188404716
 
 ARG http_proxy=${http_proxy:-}
 ARG https_proxy=${https_proxy:-}
diff --git a/gitlab-runner/Dockerfile b/gitlab-runner/Dockerfile
index af99a4a..1dfe584 100644
--- a/gitlab-runner/Dockerfile
+++ b/gitlab-runner/Dockerfile
@@ -1,7 +1,7 @@
 #
 # Base image
 #
-FROM --platform=linux/amd64 ubuntu:24.04
+FROM --platform=linux/amd64 ubuntu:24.04@sha256:786a8b558f7be160c6c8c4a54f9a57274f3b4fb1491cf65146521ae77ff1dc54
 
 ARG http_proxy=${http_proxy:-}
 ARG https_proxy=${https_proxy:-}
diff --git a/helmfile/Dockerfile b/helmfile/Dockerfile
index ea15eab..0b33f34 100644
--- a/helmfile/Dockerfile
+++ b/helmfile/Dockerfile
@@ -1,4 +1,4 @@
-ARG DOCKER_HELMFILE_VERSION=v1.1.9
+ARG DOCKER_HELMFILE_VERSION=v1.1.9@sha256:08b8aef4e800a3a0ffd6c12246a6a0be8592bf9ec4af92d269d3b0786ada8a6d
 
 FROM --platform=linux/amd64 ghcr.io/helmfile/helmfile-debian-stable-slim:${DOCKER_HELMFILE_VERSION}
 
diff --git a/k8s-tools/Dockerfile b/k8s-tools/Dockerfile
index bd3b4ec..cb4e781 100644
--- a/k8s-tools/Dockerfile
+++ b/k8s-tools/Dockerfile
@@ -1,7 +1,7 @@
 #
 # Base image
 #
-FROM --platform=linux/amd64 debian:bullseye
+FROM --platform=linux/amd64 debian:bullseye@sha256:68cf0d859b046494f3c4288171bc477580e424f981d08f2a77742b982c32a38f
 
 ARG http_proxy=${http_proxy:-}
 ARG https_proxy=${https_proxy:-}
diff --git a/outscale-cli/Dockerfile b/outscale-cli/Dockerfile
index 587587d..2a21cbf 100644
--- a/outscale-cli/Dockerfile
+++ b/outscale-cli/Dockerfile
@@ -1,7 +1,7 @@
 #
 # Base image
 #
-FROM --platform=linux/amd64 debian:12-slim
+FROM --platform=linux/amd64 debian:12-slim@sha256:96e378d7e6531ac9a15ad505478fcc2e69f371b10f5cdf87857c4b8188404716
 
 ARG http_proxy=${http_proxy:-}
 ARG https_proxy=${https_proxy:-}