diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 9da83bf..193d21c 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -33,7 +33,7 @@ jobs:
 fi
 - name: Run Trivy vulnerability scan
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: 'fs'
 scan-ref: '.'
@@ -42,7 +42,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM,LOW'
 exit-code: '0'
 - name: Check for critical and high vulnerabilities
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: 'fs'
 scan-ref: '.'
@@ -111,4 +111,4 @@ jobs:
 name: bandit-sarif-results
 path: results.sarif
 retention-days: 30
- continue-on-error: true
\ No newline at end of file
+ continue-on-error: true
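Review bot: The trailing `# v0.35.0` comment on the two pinned `aquasecurity/trivy-action` lines is the only thing tying the 40-character SHA to a release, and nothing in the workflow checks it, so a later hand edit of one step can leave the comment and the SHA out of sync. I would add a line above the first `uses:` such as `# trivy-action is pinned by full commit SHA; confirm the SHA against the upstream release tag when bumping, and update both steps together`. The same pin is repeated in the second hunk ("Check for critical and high vulnerabilities"), and both steps' `with:` blocks continue outside the hunks, so I cannot see whether any input there depends on the action version; since the bump goes from 0.28.0 to v0.35.0, one run to confirm both scans still report as before is worth doing. Other `uses:` references in this workflow are not visible here; if any are still referenced by a mutable tag, pinning them the same way would keep the workflow consistent.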