diff --git a/code-scanning/datree.yml b/code-scanning/datree.yml
index df301c7c39..44afd69dbf 100644
--- a/code-scanning/datree.yml
+++ b/code-scanning/datree.yml
@@ -17,6 +17,9 @@ on:
     # The branches below must be a subset of the branches above
     branches: [ $default-branch ]
 
+permissions:
+  contents: read
+
 jobs:
   datree:
     permissions:
@@ -27,7 +30,7 @@ jobs:
       - uses: actions/checkout@v3
       - name: Run Datree policy check
         continue-on-error: true
-        uses: hadar-co/action-datree@main
+        uses: datreeio/action-datree@de67ae7a5133d719dc794e1b75682cd4c5f94d8a
         env:
           # In order to use the Datree action you will need to have a Datree token.
           # See https://hub.datree.io/setup/account-token#1-get-your-account-token-from-the-dashboard to acquire your token.
@@ -41,4 +44,4 @@ jobs:
       - name: Upload result to GitHub Code Scanning
         uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: datree.sarif
\ No newline at end of file
+          sarif_file: datree.sarif