diff --git a/.github/workflows/_.helm.lint.yaml b/.github/workflows/_.helm.lint.yaml
index 1d98f62ef..9a4f9b24d 100644
--- a/.github/workflows/_.helm.lint.yaml
+++ b/.github/workflows/_.helm.lint.yaml
@@ -106,7 +106,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 format: sarif
 hide-progress: false
@@ -119,7 +119,7 @@ jobs:
 sarif_file: trivy-results.sarif
 # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 exit-code: '1'
 format: table
diff --git a/.github/workflows/_.images.build.yaml b/.github/workflows/_.images.build.yaml
index d150cc70a..04b67abde 100644
--- a/.github/workflows/_.images.build.yaml
+++ b/.github/workflows/_.images.build.yaml
@@ -209,7 +209,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 format: sarif
 hide-progress: false
@@ -222,7 +222,7 @@ jobs:
 sarif_file: trivy-results.sarif
 # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 exit-code: '1'
 format: table
diff --git a/.github/workflows/_.images.supply-chain.for-artifacts.yaml b/.github/workflows/_.images.supply-chain.for-artifacts.yaml
index 306d66494..00f7b417d 100644
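Review bot: The trailing `# 0.19.0` comment is left unchanged in the `@@ -106,7` hunk of `_.helm.lint.yaml` while the pinned commit moves from `d710430…` to `38623bf…`, so the comment no longer tells a reader which release the pin resolves to. Either the new SHA is a different release or an untagged commit and the comment is stale, or the upstream tag was re-pointed; the diff does not show which, and the second case is exactly what SHA pinning is meant to surface. Please check the SHA against the upstream tag list and record what it actually is, e.g. `- uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # <tag or "untagged, after 0.19.0">`. The same line appears in every other hunk of this commit across all six workflow files, so the correction applies to each of them.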
--- a/.github/workflows/_.images.supply-chain.for-artifacts.yaml
+++ b/.github/workflows/_.images.supply-chain.for-artifacts.yaml
@@ -33,7 +33,7 @@ jobs:
 - name: Extract OCI-Archive for Trivy
 run: "skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}"
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 input: trivy-${{ github.run_id }}
 format: cyclonedx
@@ -65,7 +65,7 @@ jobs:
 - name: Extract OCI-Archive for Trivy
 run: skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 input: trivy-${{ github.run_id }}
 format: cosign-vuln
@@ -76,7 +76,7 @@ jobs:
 path: vulnerabilities.cosign-vuln.json
 # Upload SARIF report for GitHub CodeQL at the same time
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 input: trivy-${{ github.run_id }}
 format: sarif
diff --git a/.github/workflows/_.images.supply-chain.for-registry.yaml b/.github/workflows/_.images.supply-chain.for-registry.yaml
index f846062c6..b7f0ef8f5 100644
--- a/.github/workflows/_.images.supply-chain.for-registry.yaml
+++ b/.github/workflows/_.images.supply-chain.for-registry.yaml
@@ -24,7 +24,7 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 image-ref: ${{ inputs.image-ref }}
 format: cyclonedx
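Review bot: The `run:` context line in the `@@ -33,7` hunk of `_.images.supply-chain.for-artifacts.yaml` expands `${{ inputs.artifact-ref }}` straight into the script text, so the value is substituted before the shell parses the line and any shell metacharacters in it are treated as script rather than data. Whether a caller of this reusable workflow can pass an untrusted value is not visible here, but routing it through the environment removes the question: add `env:` with `ARTIFACT_REF: ${{ inputs.artifact-ref }}` to the step and use `run: skopeo copy "oci-archive:${ARTIFACT_REF}" "oci:${GITHUB_WORKSPACE}/trivy-${GITHUB_RUN_ID}"`. The `@@ -65,7` hunk of the same file and the `cosign attest` line in the `@@ -64,7` hunk of `_.images.supply-chain.for-registry.yaml` (with `inputs.image-ref`) follow the same pattern. These lines are unchanged by this commit, and the steps they belong to extend outside the hunks.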
@@ -53,7 +53,7 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 image-ref: ${{ inputs.image-ref }}
 format: cosign-vuln
@@ -64,7 +64,7 @@ jobs:
 run: cosign attest --yes --replace --predicate vulnerabilities.cosign-vuln.json --type vuln "${{ inputs.image-ref }}"
 # Upload SARIF report for GitHub CodeQL at the same time
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 image-ref: ${{ inputs.image-ref }}
 format: sarif
diff --git a/.github/workflows/push.helm.release.yml b/.github/workflows/push.helm.release.yml
index b7449ce3d..df68439de 100644
--- a/.github/workflows/push.helm.release.yml
+++ b/.github/workflows/push.helm.release.yml
@@ -85,7 +85,7 @@ jobs:
 chart: ${{ fromJson(needs.list-changed-charts.outputs.charts) }}
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 format: sarif
 hide-progress: false
@@ -98,7 +98,7 @@ jobs:
 sarif_file: trivy-results.sarif
 # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 exit-code: '1'
 format: table
diff --git a/.github/workflows/workflow_dispatch.helm.release.yml b/.github/workflows/workflow_dispatch.helm.release.yml
index a47c2b359..a1deb3269 100644
--- a/.github/workflows/workflow_dispatch.helm.release.yml
+++ b/.github/workflows/workflow_dispatch.helm.release.yml
@@ -95,7 +95,7 @@ jobs:
 chart: ${{ fromJson(needs.list-all-charts.outputs.charts) }}
 steps:
 - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 format: sarif
 hide-progress: false
@@ -108,7 +108,7 @@ jobs:
 sarif_file: trivy-results.sarif
 # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
- - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+ - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
 with:
 exit-code: '1'
 format: table