diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6d48589b..d7045791 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -155,7 +155,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           scan-type: 'fs'
           ignore-unfixed: true
diff --git a/cloudbuild/cloudbuild-cdn.yaml b/cloudbuild/cloudbuild-cdn.yaml
index 3dec9f5b..985999a7 100644
--- a/cloudbuild/cloudbuild-cdn.yaml
+++ b/cloudbuild/cloudbuild-cdn.yaml
@@ -14,7 +14,7 @@ steps:
     args: ['install']
 
   - id: 'scan with trivy'
-    name: 'aquasec/trivy:latest'
+    name: 'aquasec/trivy@sha256:bcc376de8d77cfe086a917230e818dc9f8528e3c852f7b1aff648949b6258d1c'
     args:
       - 'fs'
       - '--db-repository'