diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
index 986f99d..8d2ab2b 100644
--- a/.github/workflows/_build.yml
+++ b/.github/workflows/_build.yml
@@ -34,7 +34,7 @@ jobs:
           - svc_name: "incident-response/nginx"
             docker_file: "Dockerfile.nginx"
     steps:
-      - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # pin@v3
 
       - name: set up docker buildx
         uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
diff --git a/.github/workflows/_deploy.yml b/.github/workflows/_deploy.yml
index c467f3d..b42e618 100644
--- a/.github/workflows/_deploy.yml
+++ b/.github/workflows/_deploy.yml
@@ -25,7 +25,7 @@ jobs:
   terraform_workflow:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # pin@v3
 
       - uses: unfor19/install-aws-cli-action@46282f151073130d90347412d9c4ef0640177f22 # pin@v1.0.3
 
diff --git a/.github/workflows/workflow_path_to_live.yml b/.github/workflows/workflow_path_to_live.yml
index 3ec2428..e4ee4e4 100644
--- a/.github/workflows/workflow_path_to_live.yml
+++ b/.github/workflows/workflow_path_to_live.yml
@@ -33,7 +33,7 @@ jobs:
       parsed_branch: main
       version_tag: ${{ steps.semver_tag.outputs.created_tag }}
     steps:
-      - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # pin@v3
 
       - name: generate semver tag for release
         id: semver_tag
diff --git a/.github/workflows/workflow_pull_request_path.yml b/.github/workflows/workflow_pull_request_path.yml
index 538a766..76284b3 100644
--- a/.github/workflows/workflow_pull_request_path.yml
+++ b/.github/workflows/workflow_pull_request_path.yml
@@ -33,7 +33,7 @@ jobs:
       parsed_branch: ${{ steps.branch_name.outputs.safe }}
       version_tag: ${{ steps.semver_tag.outputs.created_tag }}
     steps:
-      - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3
+      - uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # pin@v3
 
       - name: generate safe branch name
         id: branch_name