diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 6ccbe9a78..99425b358 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -29,7 +29,7 @@ jobs:
           IMAGE_TAG=${HELM_IMAGE_TAG:-security-test}
           VERSION=security-test make image
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # v0.35.0
         with:
           image-ref: 'descheduler:security-test'
           format: 'sarif'