diff --git a/.github/workflows/pull-request.yaml b/.github/workflows/pull-request.yaml
index 35285c8..4e00e0c 100644
--- a/.github/workflows/pull-request.yaml
+++ b/.github/workflows/pull-request.yaml
@@ -36,7 +36,7 @@ jobs:
           sudo ./release/http-downloader_linux_amd64_v1/hd install jenkins-zh/jenkins-cli/jcli
           jcli version
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.2.1
+        uses: aquasecurity/trivy-action@0.9.0
         if: github.event_name == 'pull_request'
         with:
           scan-type: 'fs'