diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml
index 7e24f03..cb006f8 100644
--- a/.github/workflows/image.yml
+++ b/.github/workflows/image.yml
@@ -55,7 +55,7 @@ jobs:
       contents: write
       security-events: write
     steps:
-      - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+      - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           image-ref: ${{ needs.image.outputs.image_name }}
           format: github
diff --git a/scan-image/action.yml b/scan-image/action.yml
index e53f643..5d4f79a 100644
--- a/scan-image/action.yml
+++ b/scan-image/action.yml
@@ -13,7 +13,7 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+    - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
       with:
         image-ref: ${{ inputs.image-ref }}
         exit-code: ${{ inputs.fail-on-vulnerability == 'true' && '1' || '0' }}