diff --git a/.github/workflows/run-trivy.yaml b/.github/workflows/run-trivy.yaml
index 369a04a83..cf72de26f 100644
--- a/.github/workflows/run-trivy.yaml
+++ b/.github/workflows/run-trivy.yaml
@@ -36,8 +36,9 @@ jobs:
           severity: CRITICAL,HIGH
           scan-ref: infra/terraform
 
+      # Upload the results to GitHub's code scanning dashboard.
       # https://github.com/github/codeql-action
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3
+        uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
         with:
           sarif_file: trivy-results.sarif