diff --git a/.github/actions/image_scan/action.yml b/.github/actions/image_scan/action.yml
index 6915d49f..541d253d 100644
--- a/.github/actions/image_scan/action.yml
+++ b/.github/actions/image_scan/action.yml
@@ -32,7 +32,7 @@ runs:
     run: docker logout public.ecr.aws
 
   - name: Run Trivy vulnerability scanner on image
-    uses: aquasecurity/trivy-action@master
+    uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
     with:
       image-ref: ${{ inputs.image-ref }}
       severity: ${{ inputs.severity }}