diff --git a/.github/workflows/cybersandbox-build.yml b/.github/workflows/cybersandbox-build.yml
index 671d012..945b5c8 100644
--- a/.github/workflows/cybersandbox-build.yml
+++ b/.github/workflows/cybersandbox-build.yml
@@ -139,7 +139,7 @@ jobs:
           retention-days: 90
 
       - name: Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           image-ref: cybersandbox:ci
           scanners: vuln   # skip secret-scanner: nuclei/metasploit payloads are not secrets
@@ -158,7 +158,7 @@ jobs:
           category: trivy-container
 
       - name: Trivy gate (fail on CRITICAL fixed)
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
         with:
           image-ref: cybersandbox:ci
           scanners: vuln   # skip secret-scanner: nuclei/metasploit payloads are not secrets