diff --git a/actions/ql/examples/codeql-pack.lock.yml b/actions/ql/examples/codeql-pack.lock.yml
new file mode 100644
index 000000000000..53004274575d
--- /dev/null
+++ b/actions/ql/examples/codeql-pack.lock.yml
@@ -0,0 +1,4 @@
+---
+lockVersion: 1.0.0
+dependencies: {}
+compiled: false
diff --git a/actions/ql/examples/qlpack.yml b/actions/ql/examples/qlpack.yml
new file mode 100644
index 000000000000..45be7ae01350
--- /dev/null
+++ b/actions/ql/examples/qlpack.yml
@@ -0,0 +1,7 @@
+name: codeql/actions-examples
+groups:
+ - actions
+ - examples
+dependencies:
+ codeql/actions-all: ${workspace}
+warnOnImplicitThis: true
diff --git a/actions/ql/examples/snippets/uses_pinned_sha.ql b/actions/ql/examples/snippets/uses_pinned_sha.ql
new file mode 100644
index 000000000000..84b2cdae0fdb
--- /dev/null
+++ b/actions/ql/examples/snippets/uses_pinned_sha.ql
@@ -0,0 +1,12 @@
+/**
+ * @name Uses step with pinned SHA
+ * @description Finds 'uses' steps where the version is a pinned SHA.
+ * @id actions/examples/uses-pinned-sha
+ * @tags example
+ */
+
+import actions
+
+from UsesStep uses
+where uses.getVersion().regexpMatch("^[A-Fa-f0-9]{40}$")
+select uses, "This 'uses' step has a pinned SHA version."
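Review bot: In uses_pinned_sha.ql the `where` clause accepts only a ref made of exactly 40 hex characters, so the `@description` would be more precise as `Finds 'uses' steps where the version is a full 40-character commit SHA.`; abbreviated SHAs are not matched. Because example snippets tend to be copied into workflow audits, a comment above the `from` clause such as `// Checks the shape of the ref only; it does not confirm that the commit belongs to the referenced action's repository.` would keep a match from being read as proof of a trusted pin. The `^` and `$` anchors are redundant, since `regexpMatch` already requires the whole string to match, so `regexpMatch("[A-Fa-f0-9]{40}")` is equivalent.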