diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index be6d04e..4a074e1 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -79,7 +79,7 @@ jobs:
         if: steps.changes.outputs.needs_build == 'true'
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         if: ${{ steps.changes.outputs.needs_build == 'true' && github.event.sender.login != 'dependabot[bot]' }}
         with:
           image-ref: '${{ matrix.image.image-name }}:latest'
@@ -93,7 +93,7 @@ jobs:
           sarif_file: trivy-${{ matrix.image.image-name }}.sarif
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         if: steps.changes.outputs.needs_build == 'true'
         with:
           image-ref: '${{ matrix.image.image-name }}:latest'