diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index edfe216..e387d36 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -130,7 +130,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Run Trivy Vulnerability Scanner 🏰
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@cf5c088a69634cd13ccddc735d7926162c31f9a6 # master
         with:
           image-ref: ghcr.io/${{ github.repository_owner }}/${{ env.APP_NAME }}:${{ github.sha }}
           format: 'sarif'