diff --git a/test/unit-test/main.tf b/test/unit-test/main.tf
index 3ea74a5..b2ebf11 100644
--- a/test/unit-test/main.tf
+++ b/test/unit-test/main.tf
@@ -126,6 +126,7 @@ data "aws_iam_policy_document" "instance-scheduler-lambda-function-policy" {
   }
   # checkov:skip=CKV_AWS_111: "Cannot restrict by KMS alias so leaving open"
   # checkov:skip=CKV_AWS_109: "Cannot restrict by KMS alias so leaving open"
+  # checkov:skip=CKV_AWS_356: "Cannot restrict by KMS alias so leaving open"
   statement {
     sid       = "AllowToDecryptKMS"
     effect    = "Allow"
diff --git a/test/unit-test/s3.tf b/test/unit-test/s3.tf
index 43ec9d5..b883a81 100644
--- a/test/unit-test/s3.tf
+++ b/test/unit-test/s3.tf
@@ -1,5 +1,5 @@
 module "s3-bucket" { #tfsec:ignore:aws-s3-enable-versioning
-  source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=v7.0.0"
+  source = "github.com/ministryofjustice/modernisation-platform-terraform-s3-bucket?ref=8688bc1" # Hash for v7.0.0
 
   bucket_prefix      = "data-platform-products-${local.environment}"
   versioning_enabled = false