diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fda86ce..49c5a4a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -107,7 +107,7 @@ jobs:
         run: npm audit signatures
 
       - name: Trivy filesystem scan (config + secrets + deps)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           scan-type: fs
           scan-ref: .
diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml
index 3912560..dc0745d 100644
--- a/.github/workflows/security-nightly.yml
+++ b/.github/workflows/security-nightly.yml
@@ -44,7 +44,7 @@ jobs:
         run: npm audit signatures
 
       - name: Trivy filesystem scan
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           scan-type: fs
           scan-ref: .