diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index face3741..86c01f29 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ jobs:
         platform: [numaker_pfm_m2351, m2351_badge, mps2_an505_qemu]
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Install extra tools
         run: |
diff --git a/.github/workflows/fossology.yml b/.github/workflows/fossology.yml
index 6a08e4d3..818e9581 100644
--- a/.github/workflows/fossology.yml
+++ b/.github/workflows/fossology.yml
@@ -9,17 +9,25 @@ jobs:
     runs-on: ubuntu-latest
     
     container:
-      image: fossology/fossology:scanner
+      image: fossology/fossology@sha256:8bd1f22ba7bba820e07525ed44bfe923ad70f02041fcd166d20c25f4ec03b646
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Fossology run
         run: |
-          export GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}
+          export GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+          export GITHUB_REPO_OWNER=${{ github.actor }}
+          export GITHUB_REPO_URL=https://github.com/${{ github.repository}}
           export GITHUB_PULL_REQUEST="None"
+          # echo "GITHUB_TOKEN=$GITHUB_TOKEN" >> $GITHUB_ENV
           /bin/fossologyscanner repo nomos ojo copyright keyword
-        continue-on-error: true
+          username: ${{ github.actor }}
+        # env:
+        #   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        #   GITHUB_PULL_REQUEST: "None"
+        #   GITHUB_REPO_OWNER: ${{ github.actor }}
+        continue-on-error: false
 
       - name: Upload artifact
         uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
diff --git a/.github/workflows/license-finder.yml b/.github/workflows/license-finder.yml
index 09dc48c2..65b989c9 100644
--- a/.github/workflows/license-finder.yml
+++ b/.github/workflows/license-finder.yml
@@ -12,7 +12,7 @@ jobs:
       image: gianlucadb0/license_finder
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: License finder run
         run: | 
diff --git a/.github/workflows/scancode.yml b/.github/workflows/scancode.yml
index 1eacbd05..d28e4a4d 100644
--- a/.github/workflows/scancode.yml
+++ b/.github/workflows/scancode.yml
@@ -12,7 +12,7 @@ jobs:
       image: gianlucadb0/scancode-toolkit
 
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
 
       - name: Create results directory
         run: mkdir results
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 3b18adce..530d31a9 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           persist-credentials: false