diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9b3c53d..7757308 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -8,16 +8,21 @@ jobs:
     build:
         runs-on: ubuntu-latest
         steps:
+            - name: Harden the runner (Audit all outbound calls)
+              uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
+              with:
+                egress-policy: audit
+
             - name: Checkout
-              uses: actions/checkout@v4
+              uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
             - name: Cache
-              uses: actions/cache@v4
+              uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
               with:
                   path: ~/.pub-cache
                   key: ${{ runner.os }}-pub-${{ hashFiles('**/pubspec.yaml') }}
                   restore-keys: ${{ runner.os }}-pub-
             - name: Set up Flutter
-              uses: subosito/flutter-action@v2.18.0
+              uses: subosito/flutter-action@f2c4f6686ca8e8d6e6d0f28410eeef506ed66aff # v2.18.0
               with:
                   channel: "stable"
             - run: flutter pub get