diff --git a/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml b/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml
index 28d61c1..a83e7c6 100644
--- a/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml
+++ b/.github/workflows/generate-and-push-sbom-with-trivy-3rd-gen.yml
@@ -70,7 +70,7 @@ jobs:
       - self-hosted-generic-vm-amd64
     steps:
       - name: Scan image in a private registry
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # 0.36.0
         env:
           TRIVY_USERNAME: ${{ secrets[inputs.image-registry-username-secret-name] }}
           TRIVY_PASSWORD: ${{ secrets[inputs.image-registry-password-secret-name] }}