diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b7d5e65c..458ac709 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -196,7 +196,7 @@ jobs:
         run: pnpm audit || true
       
       - name: Trivy secret scan (repo)
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '.'