diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a05c2d5b..4a17446e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,7 +8,7 @@ jobs:
       - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!"
       - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}."
       - name: Check out repository code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.1.0
       - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner."
       - run: echo "🖥️ The workflow is now ready to test your code on the runner."
       - name: List files in the repository
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 1c85af4a..ad7e1543 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ jobs:
   NextGen-Static-Analysis:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.1.0
     - name: Download ShiftLeft CLI
       run: |
         curl https://cdn.shiftleft.io/download/sl > ${GITHUB_WORKSPACE}/sl && chmod a+rx ${GITHUB_WORKSPACE}/sl
diff --git a/.github/workflows/rebase.yml b/.github/workflows/rebase.yml
index e1012a97..332fd1a5 100644
--- a/.github/workflows/rebase.yml
+++ b/.github/workflows/rebase.yml
@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the latest code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.1.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1af644c2..805c5d54 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,7 +10,7 @@ jobs:
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
 
       - name: "Get tag name"
         id: tag
@@ -106,7 +106,7 @@ jobs:
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         with:
           ref: develop
           token: ${{ secrets.WEBGOAT_DEPLOYER_TOKEN }}
diff --git a/.github/workflows/sonarcloud1.yml b/.github/workflows/sonarcloud1.yml
index 520736ce..a38972b2 100644
--- a/.github/workflows/sonarcloud1.yml
+++ b/.github/workflows/sonarcloud1.yml
@@ -12,7 +12,7 @@ jobs:
   sonarqube:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.1.0
       with:
         # Disabling shallow clone is recommended for improving relevancy of reporting
         fetch-depth: 0
diff --git a/.github/workflows/sonarcuberun1.yml b/.github/workflows/sonarcuberun1.yml
index a6abacac..9dd14cc6 100644
--- a/.github/workflows/sonarcuberun1.yml
+++ b/.github/workflows/sonarcuberun1.yml
@@ -9,7 +9,7 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 11