diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 511b1f1b..1c7c5340 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -122,7 +122,7 @@ jobs:
         docker push ${{ steps.getref.outputs.ghcr_image_ref }}-unpatched
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320 # v0.13.0
+      uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # v0.13.1
       with:
         scan-type: 'image'
         format: 'json'
diff --git a/.github/workflows/patch.yml b/.github/workflows/patch.yml
index 9116b524..f748e3e1 100644
--- a/.github/workflows/patch.yml
+++ b/.github/workflows/patch.yml
@@ -91,7 +91,7 @@ jobs:
       run: docker pull ${{ steps.getref.outputs.ghcr_image_ref }}
     - name: Generate Trivy Report
       if: matrix.canpatch
-      uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320 # v0.13.0
+      uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1 # v0.13.1
       with:
         scan-type: 'image'
         format: 'json'