diff --git a/.github/workflows/scan-image.yml b/.github/workflows/scan-image.yml
index e4bca17..d32f204 100644
--- a/.github/workflows/scan-image.yml
+++ b/.github/workflows/scan-image.yml
@@ -68,7 +68,7 @@ jobs:
         run: docker pull ${{ matrix.image }}
 
       - name: Run Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
         with:
           image-ref: ${{ matrix.image }}
           format: 'sarif'
@@ -77,7 +77,7 @@ jobs:
         continue-on-error: true
 
       - name: Run Trivy JSON scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
         with:
           image-ref: ${{ matrix.image }}
           format: 'json'
diff --git a/.github/workflows/scan-repository.yml b/.github/workflows/scan-repository.yml
index ce4b212..e0efe01 100644
--- a/.github/workflows/scan-repository.yml
+++ b/.github/workflows/scan-repository.yml
@@ -167,7 +167,7 @@ jobs:
           category: 'trivy-filesystem'
 
       - name: Run Trivy config scan (JSON)
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
         with:
           scan-type: 'config'
           scan-ref: '.'
@@ -177,7 +177,7 @@ jobs:
           exit-code: '0'
 
       - name: Run Trivy config scan (Table for display)
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284
         with:
           scan-type: 'config'
           scan-ref: '.'