diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
index d4e4356..29aa2a4 100644
--- a/.github/actions/build/action.yml
+++ b/.github/actions/build/action.yml
@@ -25,6 +25,6 @@ runs:
         maven-version: ${{ inputs.maven-version }}
 
     - name: Piper Maven build
-      uses: SAP/project-piper-action@main
+      uses: SAP/project-piper-action@0694c809adf25568fc3c950041097323d71b91ed # v1.26.2
       with:
-        step-name: mavenBuild
\ No newline at end of file
+        step-name: mavenBuild
diff --git a/.github/actions/scan-with-blackduck/action.yml b/.github/actions/scan-with-blackduck/action.yml
index 88b0ef4..7f3426c 100644
--- a/.github/actions/scan-with-blackduck/action.yml
+++ b/.github/actions/scan-with-blackduck/action.yml
@@ -42,7 +42,7 @@ runs:
       shell: bash
 
     - name: BlackDuck Scan
-      uses: SAP/project-piper-action@main
+      uses: SAP/project-piper-action@0694c809adf25568fc3c950041097323d71b91ed # v1.26.2
       with:
         step-name: detectExecuteScan
         flags: \
diff --git a/.github/actions/scan-with-sonar/action.yml b/.github/actions/scan-with-sonar/action.yml
index f0120c9..50f0f18 100644
--- a/.github/actions/scan-with-sonar/action.yml
+++ b/.github/actions/scan-with-sonar/action.yml
@@ -42,7 +42,7 @@ runs:
       shell: bash
 
     - name: SonarQube Scan
-      uses: SAP/project-piper-action@main
+      uses: SAP/project-piper-action@0694c809adf25568fc3c950041097323d71b91ed # v1.26.2
       with:
         step-name: sonarExecuteScan
         flags: --token=${{inputs.sonarq-token}} --githubToken=${{inputs.github-token}} --version=${{steps.get-revision.outputs.REVISION}} --inferJavaBinaries=true