diff --git a/Dockerfile b/Dockerfile
index af79763..97dc1d3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.19 as builder
+FROM golang:1.19@sha256:3025bf670b8363ec9f1b4c4f27348e6d9b7fec607c47e401e40df816853e743a as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -19,7 +19,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -o manager main.go
 
 # Use distroless as minimal base image to package the manager binary
 # Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
+FROM gcr.io/distroless/static:nonroot@sha256:6732c3975d97fac664a5ed15a81a5915e023a7b5a7b58195e733c60b8dc7e684
 WORKDIR /
 COPY --from=builder /workspace/manager .
 USER 65532:65532
diff --git a/ci.Dockerfile b/ci.Dockerfile
index 1c17792..bd39075 100644
--- a/ci.Dockerfile
+++ b/ci.Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:8bedbe742f140108897fb3532068e8316900d9814f399d676ac78b46e740e34e
 WORKDIR /
 COPY bin/manager .
 USER 65532:65532
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index f95634d..77bc024 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -13,4 +13,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/raffaelespazzoli/vault-config-operator
-  newTag: latest
+  newTag: latest@sha256:742084eff2e6b599563a9dabaf79ab0e9a9319b7f973b9e763b3c5f14321aa11