diff --git a/.github/workflows/confbatstest-build.yaml b/.github/workflows/confbatstest-build.yaml
index e044f85..31c2890 100644
--- a/.github/workflows/confbatstest-build.yaml
+++ b/.github/workflows/confbatstest-build.yaml
@@ -84,7 +84,7 @@ jobs:
           cosign sign --yes ${image_uri}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         env:
           TRIVY_USERNAME: ${{ github.repository_owner }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
@@ -95,7 +95,7 @@ jobs:
           output: "cosign-vuln.json"
 
       - name: Run Trivy SBOM generator
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         env:
           TRIVY_USERNAME: ${{ github.repository_owner }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}