diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index e48e37a..16be0aa 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -35,7 +35,7 @@ jobs:
 # Scheduled scan: scan existing published image
 - name: Run Trivy vulnerability scanner on published image
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@0.34.1
 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
 with:
 image-ref: ghcr.io/${{ env.REPO }}:latest
@@ -50,7 +50,7 @@ jobs:
 sarif_file: "trivy-docker-results.sarif"
 - name: Run Trivy vulnerability scanner (table output for scheduled)
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@0.34.1
 if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
 with:
 image-ref: ghcr.io/${{ env.REPO }}:latest
@@ -115,7 +115,7 @@ jobs:
 cache-to: type=gha,mode=max
 - name: Run Trivy vulnerability scanner on Docker image
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@0.34.1
 if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
 with:
 image-ref: ${{ env.REPO }}:scan
@@ -130,7 +130,7 @@ jobs:
 sarif_file: "trivy-docker-results.sarif"
 - name: Run Trivy vulnerability scanner (table output)
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@0.34.1
 if: github.event_name != 'schedule' && github.event_name != 'workflow_dispatch'
 with:
 image-ref: ${{ env.REPO }}:scan
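Review bot: All four new `uses: aquasecurity/trivy-action@0.34.1` lines (the hunks at 35, 50, 115 and 130) still reference the action by tag, and a tag can be moved to different code by anyone with write access to the upstream repository. Because the action runs inside the workflow that builds and scans the image, pin each reference to the full commit SHA the tag resolves to and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-for-0.34.1>  # 0.34.1`. Check that SHA against the upstream release before merging; Dependabot can keep SHA-pinned actions current. The job's `permissions:` block is outside these hunks, so it is worth confirming separately that the token is limited to what the SARIF upload needs.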