diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index 7e24f03..5f5bc29 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -55,7 +55,7 @@ jobs:
       contents: write
       security-events: write
     steps:
-      - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+      - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
         with:
           image-ref: ${{ needs.image.outputs.image_name }}
           format: github
diff --git a/scan-image/action.yml b/scan-image/action.yml
index e53f643..4390adb 100644
--- a/scan-image/action.yml
+++ b/scan-image/action.yml
@@ -13,7 +13,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+    - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
       with:
         image-ref: ${{ inputs.image-ref }}
         exit-code: ${{ inputs.fail-on-vulnerability == 'true' && '1' || '0' }}