diff --git a/.github/workflows/trivy_fs.yaml b/.github/workflows/trivy_fs.yaml
index 6e43472a835..63552ada056 100644
--- a/.github/workflows/trivy_fs.yaml
+++ b/.github/workflows/trivy_fs.yaml
@@ -23,7 +23,7 @@ jobs:
       security-events: write
     steps:
     - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
-    - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0  # v0.29.0
+    - uses: aquasecurity/trivy-action@0.35.0
       with:
         scan-type: 'fs'
         ignore-unfixed: true
diff --git a/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb b/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
index abb58c3669b..3504a3c47a1 100644
--- a/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
+++ b/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
@@ -83,9 +83,9 @@
   '79b0f844237bd4b0446e4dc884dbc1765fc7dedc3968f743d5949c6f2e701739'
 
 default['trivy']['download_path'] =
-  'https://github.com/aquasecurity/trivy/releases/download/v0.64.1/trivy_0.64.1_Linux-64bit.tar.gz'
+  'https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-64bit.tar.gz'
 default['trivy']['sha256'] =
-  '1a09d86667b3885a8783d1877c9abc8061b2b4e9b403941b22cbd82f10d275a8'
+  '1816b632dfe529869c740c0913e36bd1629cb7688bd5634f4a858c1d57c88b75'
 
 default['yq']['download_path'] =
   'https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_linux_amd64'
diff --git a/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb b/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
index 84cc19c046a..62019de0263 100644
--- a/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
+++ b/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
@@ -84,9 +84,9 @@
   'dece9b0131af5ced0f8c278a53c0cf06a4f0d1d70a177c0979f6d111654397ce'
 
 default['trivy']['download_path'] =
-  'https://github.com/aquasecurity/trivy/releases/download/v0.64.1/trivy_0.64.1_macOS-64bit.tar.gz'
+  'https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_macOS-64bit.tar.gz'
 default['trivy']['sha256'] =
-  '107a874b41c1f0a48849f859b756f500d8be06f2d2b8956a046a97ae38088bf6'
+  'fec4a9f7569b624dd9d044fca019e5da69e032700edbb1d7318972c448ec2f4e'
 
 default['yq']['download_path'] =
   'https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_darwin_amd64'