diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 3d1c342b..271b82e2 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@v2 # unpinned since this is not security critical
+        uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398 # v2.3.0
         with:
           results_file: results.sarif
           # sarif format required by upload-sarif action