diff --git a/.github/workflows/branch_build.yml b/.github/workflows/branch_build.yml
index 145fbf569b..d118e8c3f6 100644
--- a/.github/workflows/branch_build.yml
+++ b/.github/workflows/branch_build.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     name: "Package and linting"
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
       - name: set up JDK 17
         uses: actions/setup-java@v2
         with:
@@ -37,7 +37,7 @@ jobs:
           - mvn --no-transfer-progress -pl '!webgoat-integration-tests' test
           - mvn --no-transfer-progress -pl webgoat-integration-tests test
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
       - name: set up JDK 17
         uses: actions/setup-java@v2
         with:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c4b40185cb..e27aa5529c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 11
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5c2cbd4b1c..1ed78f158c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,7 +38,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v3.1.0
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
index 2ae6e8d960..ec9eb08ea2 100644
--- a/.github/workflows/pr_build.yml
+++ b/.github/workflows/pr_build.yml
@@ -28,7 +28,7 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
         java: [17]
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3.1.0
       - name: Set up JDK ${{ matrix.java }}
         uses: actions/setup-java@v2
         with:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 220df8eb2c..075b6937a7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.1.0
 
       - name: "Get tag name"
         id: tag
@@ -111,7 +111,7 @@ jobs:
     environment:
       name: release
     steps:
-      - uses: actions/checkout@v2.3.4
+      - uses: actions/checkout@v3.1.0
         with:
           ref: develop
           token: ${{ secrets.WEBGOAT_DEPLOYER_TOKEN }}
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 461fbd0f0b..fad2d0613d 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -17,5 +17,5 @@ jobs:
     container:
       image: returntocorp/semgrep
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v3.1.0
     - run: semgrep ci