diff --git a/.github/workflows/cve-check.yml b/.github/workflows/cve-check.yml
index c31a0017f..a4a7fefac 100644
--- a/.github/workflows/cve-check.yml
+++ b/.github/workflows/cve-check.yml
@@ -42,7 +42,7 @@ jobs:
         run: ./gradlew resolveAndLockAll --write-locks
 
       - name: Check for vulnerabilities
-        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
         id: cve_check
         with:
           scan-type: 'fs'