diff --git a/.github/workflows/compliance.yaml b/.github/workflows/compliance.yaml
index 877124f02..bde42c35e 100644
--- a/.github/workflows/compliance.yaml
+++ b/.github/workflows/compliance.yaml
@@ -44,11 +44,11 @@ jobs:
         shell: bash
 
       - name: Download assessment
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: ${{ inputs.flavor }}-assessment-results
           path: ./compliance
-      
+
       - name: review compliance directory again
         run: ls -al ./compliance/
         shell: bash
@@ -68,7 +68,8 @@ jobs:
           ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload Evaluated Assessment
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: ${{ inputs.flavor }}-assessment-results
           path: ./compliance/oscal-assessment-results.yaml
+          overwrite: true
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 6dbae2b27..296bca5dd 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -68,7 +68,7 @@ jobs:
 
       - name: Upload Assessment
         if: ${{ inputs.package == 'all' && inputs.test_type == 'install' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: ${{ inputs.flavor }}-assessment-results
           path: ./compliance/oscal-assessment-results.yaml