diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 18ad782e..ae12da4c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -166,7 +166,7 @@ jobs:
           name: docker-image
 
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.25.0
         with:
           input: /github/workspace/image.tar  # from download-artifact
           format: 'sarif'