diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 8bf4c08e1daf4a862a3599c72dcbbe21e48cc28e..571c5592e10eb84ccdab9fc827c4359c8569739a 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -25,7 +25,7 @@ jobs:
         with:
           show-progress: false
 
-      - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
+      - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
         with:
           image-ref: ghcr.io/renovatebot/renovate:${{ matrix.tag }}
           format: 'sarif'