diff --git a/.github/workflows/mcp-docker-build.yml b/.github/workflows/mcp-docker-build.yml
index 0f84ca53..2776714b 100644
--- a/.github/workflows/mcp-docker-build.yml
+++ b/.github/workflows/mcp-docker-build.yml
@@ -94,7 +94,7 @@ jobs:
           fi
 
       - name: Run Trivy vulnerability scanner (diagnostic output)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: 'cyberchef-mcp:latest'
           format: 'table'
@@ -103,7 +103,7 @@ jobs:
           exit-code: '0'  # Don't fail - this is diagnostic only
 
       - name: Run Trivy vulnerability scanner (SARIF for code scanning)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: 'cyberchef-mcp:latest'
           format: 'sarif'
diff --git a/.github/workflows/mcp-release.yml b/.github/workflows/mcp-release.yml
index 6ef7abaa..4dac357a 100644
--- a/.github/workflows/mcp-release.yml
+++ b/.github/workflows/mcp-release.yml
@@ -139,7 +139,7 @@ jobs:
       # - Compliance documentation (SOC 2, ISO 27001, NIST SSDF)
       # - Manual verification and archival
       - name: Generate SBOM with Trivy (CycloneDX artifact)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: '${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_IMAGE_NAME }}:latest'
           format: 'cyclonedx'
@@ -148,7 +148,7 @@ jobs:
 
       # Security: Run vulnerability scan on release image (scanning Docker Hub image)
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: '${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_IMAGE_NAME }}:latest'
           format: 'sarif'
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 63564792..7f1020b7 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -92,7 +92,7 @@ jobs:
           fi
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: 'cyberchef-mcp:scan'
           format: 'sarif'
@@ -110,7 +110,7 @@ jobs:
           category: 'trivy-container-scan'
 
       - name: Run Trivy in table format for logs
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         if: github.event_name == 'pull_request'
         with:
           image-ref: 'cyberchef-mcp:scan'
@@ -157,7 +157,7 @@ jobs:
           fi
 
       - name: Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -208,7 +208,7 @@ jobs:
           load: true
 
       - name: Generate SBOM with Trivy
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: 'cyberchef-mcp:sbom'
           format: 'cyclonedx'