diff --git a/.github/workflows/code-review.yml b/.github/workflows/code-review.yml
index 1264fe68..b4aa46f7 100644
--- a/.github/workflows/code-review.yml
+++ b/.github/workflows/code-review.yml
@@ -228,7 +228,7 @@ jobs:
 docker build -t goodone-app:${{ github.sha }} -f deploy/dev/Dockerfile .
 - name: Run Trivy vulnerability scanner (Image)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.35.0
 with:
 image-ref: 'goodone-app:${{ github.sha }}'
 format: 'table'
@@ -239,7 +239,7 @@ jobs:
 version: 'latest'
 - name: Generate Trivy SARIF (Image)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.35.0
 with:
 image-ref: 'goodone-app:${{ github.sha }}'
 format: 'sarif'
@@ -258,7 +258,7 @@ jobs:
 continue-on-error: true
 - name: Run Trivy misconfiguration scanner (Dockerfile)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.35.0
 with:
 scan-type: 'config'
 scan-ref: 'deploy/dev/Dockerfile'
@@ -270,7 +270,7 @@ jobs:
 version: 'latest'
 - name: Generate Trivy SARIF (Config)
- uses: aquasecurity/trivy-action@0.28.0
+ uses: aquasecurity/trivy-action@0.35.0
 with:
 scan-type: 'config'
 scan-ref: 'deploy/dev/Dockerfile'
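Review bot: The bumped `uses: aquasecurity/trivy-action@0.35.0` lines still reference the action by a version tag, which the upstream repository can move to a different commit; this applies to all four steps changed here (hunks at 228, 239, 258 and 270). Pinning to the full commit SHA of the release and keeping the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<FULL_COMMIT_SHA_OF_0.35.0> # 0.35.0`, makes the workflow run exactly the code that was reviewed. The context lines also show `version: 'latest'` in the preceding `with:` blocks; if that is the Trivy binary version for these steps, it is likewise unpinned and worth fixing to a specific release. The step definitions continue outside each hunk, so the remaining inputs were not reviewed.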