diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 07a990b4..3238b33c 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -140,7 +140,7 @@ jobs:
         docker push ${{ steps.getref.outputs.ghcr_image_ref }}-unpatched
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+      uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
       with:
         scan-type: 'image'
         format: 'json'
diff --git a/.github/workflows/patch.yml b/.github/workflows/patch.yml
index b8861567..5f458c66 100644
--- a/.github/workflows/patch.yml
+++ b/.github/workflows/patch.yml
@@ -103,7 +103,7 @@ jobs:
       run: docker pull ${{ steps.getref.outputs.ghcr_image_ref }}
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+      uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
       with:
         scan-type: 'image'
         format: 'json'