diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index 08f901fb399..25796993354 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -291,11 +291,11 @@ jobs:
 tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
 echo "$(pwd)" >> $GITHUB_PATH
 env:
- TRIVY_VERSION: "0.36.1"
+ TRIVY_VERSION: "0.41.0"
 - name: Run trivy on git repository
 run: |
- trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+ trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln .
 - name: Build docker images
 run: |
@@ -308,7 +308,5 @@ jobs:
 - name: Run trivy on images
 run: |
 for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do
- for vuln_type in "os" "library"; do
- trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${img}"
- done
+ trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
 done
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000000..b583a1d2c18
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,3 @@
+# false positive due to prometheus versioning
+# https://github.com/aquasecurity/trivy/issues/2992
+CVE-2019-3826
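Review bot: The rewritten `trivy fs` line in the first hunk (and the rewritten `trivy image` line in the second hunk) still runs without `--exit-code`, so trivy prints findings to the job log but the step succeeds regardless of what it finds, and the workflow does not actually gate on vulnerabilities. If blocking is intended, add it to both invocations, e.g. `trivy fs --format table --ignore-unfixed --exit-code 1 --skip-dirs website --scanners vuln .`, optionally narrowed with `--severity HIGH,CRITICAL` so the gate is not tripped by low-severity noise. The `tar zxvf` context line suggests the binary is fetched from a release archive in a step above this hunk; whether that download is checksum-verified is not visible here, and with the version pin being the only integrity control shown it is worth confirming. The `run: |` block of the 'Build docker images' step continues past the end of the hunk.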
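Review bot: The collapsed `trivy image` call passes no `--scanners` flag, whereas the `trivy fs` step in the first hunk now explicitly restricts itself to `--scanners vuln`; with trivy's defaults the image scan presumably still includes secret scanning, so after this change the two steps no longer cover the same classes of finding. Make that deliberate either way, e.g. `trivy image --ignore-unfixed --scanners vuln --vuln-type="os,library" "${img}"` if vulnerabilities only are intended, or drop `--scanners vuln` from the fs step if secret scanning is wanted in both. Note that the new .trivyignore added in this commit presumably applies to this scan as well as the fs scan, since trivy reads it from the working directory. The enclosing `run: |` block ends at the `done` line shown in the hunk.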
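Review bot: The new ignore entry suppresses CVE-2019-3826 for every package in both the fs and image scans, with no stated condition for removing it, so a false-positive workaround becomes a permanent blind spot for that ID. A suppression should record what it is tied to so it can be retired; change the first comment to something like `# false positive: trivy mis-evaluates prometheus versioning (see issue below); drop once the linked issue is fixed or prometheus is upgraded`. If the pinned trivy version supports an expiry annotation on ignore entries, that is the better mechanism (verify for 0.41.0 before relying on it).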