diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
index dad7cda..501a68b 100644
--- a/.github/workflows/pull_request.yaml
+++ b/.github/workflows/pull_request.yaml
@@ -87,7 +87,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode for Low Priority
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: fs
           ignore-unfixed: true
@@ -96,7 +96,7 @@ jobs:
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
       - name: Run Trivy vulnerability scanner in repo mode for High Priority
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: fs
           ignore-unfixed: true
diff --git a/.github/workflows/trivy_schedule.yaml b/.github/workflows/trivy_schedule.yaml
index 9f6e680..64ba998 100644
--- a/.github/workflows/trivy_schedule.yaml
+++ b/.github/workflows/trivy_schedule.yaml
@@ -14,7 +14,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner sarif output
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: fs
           ignore-unfixed: true