diff --git a/.github/workflows/trivy-security-scan.yml b/.github/workflows/trivy-security-scan.yml
index 78208b69d7..c8a74dcfbe 100644
--- a/.github/workflows/trivy-security-scan.yml
+++ b/.github/workflows/trivy-security-scan.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Run Trivy vulnerability scanner on image
         uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # @v0.16.1
         with:
-          image-ref: ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:${{ github.event.client_payload.sha }}
+          image-ref: ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}:sha-${{ github.event.client_payload.sha }}
           format: "sarif"
           output: "trivy-results.sarif"
           exit-code: "1"