diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index bebb111..5989ee5 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -95,7 +95,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         # Pinned to a SHA — never @master. A moving branch in a
         # supply-chain workflow defeats the point of the scan.
-        uses: aquasecurity/trivy-action@a9c7b0f06e461e9d4b4d1711f154ee024b8d7ab8  # v0.36.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25  # v0.36.0
         with:
           image-ref: harness-python-react:ci
           format: table