diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 5b53da4..f185b8c 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -40,7 +40,7 @@ jobs:
         run: make test-integration
 
       - name: Run Tunnel vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.16.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -55,7 +55,7 @@ jobs:
           sarif_file: 'tunnel-results.sarif'
       
       - name: Run Tunnel vulnerability scanner in IaC mode
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.16.0
         with:
           scan-type: 'config'
           hide-progress: false
diff --git a/.github/workflows/khulnasoft-cloud.yml b/.github/workflows/khulnasoft-cloud.yml
index 119e1d3..a0b34e6 100644
--- a/.github/workflows/khulnasoft-cloud.yml
+++ b/.github/workflows/khulnasoft-cloud.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run Tunnel vulnerability scanner against Khulnasoft Cloud
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.16.0
         with:
           scan-type: 'fs'
           hide-progress: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d9b2f8d..2f7be6f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -32,7 +32,7 @@ jobs:
         run: make test-integration
 
       - name: Run Tunnel vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.16.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -41,7 +41,7 @@ jobs:
           exit-code: 0
 
       - name: Run Tunnel vulnerability scanner against Khulnasoft Cloud
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.16.0
         with:
           scan-type: 'fs'
           hide-progress: true