diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index a0ec4d8fc9..981414b89e 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -31,14 +31,14 @@ jobs:
           mkdir -p .ci/base/docs
           pip-compile -o .ci/base/docs/requirements.txt docs/requirements.txt
       - name: Run Trivy Scan (full, csv)
-        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # 0.21.0
+        uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
         with:
           trivy-config: ".ci/trivy-csv.yaml"
           scan-type: 'fs'
           scan-ref: ".ci/"
           scanners: vuln,secret
       - name: Run Trivy Scan (prod, spdx.json)
-        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # 0.21.0
+        uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
         with:
           trivy-config: ".ci/trivy-json.yaml"
           scan-type: 'fs'