diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 2ead5643..21fac721 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -140,7 +140,7 @@ jobs:
         docker push ${{ steps.getref.outputs.ghcr_image_ref }}-unpatched
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
+      uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0
       with:
         scan-type: 'image'
         format: 'json'
diff --git a/.github/workflows/patch.yml b/.github/workflows/patch.yml
index 2814ca23..921fe2d2 100644
--- a/.github/workflows/patch.yml
+++ b/.github/workflows/patch.yml
@@ -104,7 +104,7 @@ jobs:
       run: docker pull ${{ steps.getref.outputs.ghcr_image_ref }}
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
+      uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0
       with:
         scan-type: 'image'
         format: 'json'