diff --git a/.github/workflows/trivy-code.yml b/.github/workflows/trivy-code.yml
index e0cc220..49b4e64 100644
--- a/.github/workflows/trivy-code.yml
+++ b/.github/workflows/trivy-code.yml
@@ -22,7 +22,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@0.20.0
+      uses: aquasecurity/trivy-action@0.28.0
       with:
         scan-type: 'fs'
         ignore-unfixed: true
@@ -36,7 +36,7 @@ jobs:
         sarif_file: 'trivy-results.sarif'
 
     - name: Generate SBOM
-      uses: aquasecurity/trivy-action@0.20.0
+      uses: aquasecurity/trivy-action@0.28.0
       with:
         scan-type: 'fs'
         format: 'github'