diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 9558f72..d12b07f 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -46,13 +46,15 @@ jobs:
 ${{ matrix.target }}.platform=${{ matrix.platform }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.27.0
 with:
 image-ref: ${{ env.IMAGE_TAG }}
 format: "sarif"
 output: "trivy-results.sarif"
 severity: "CRITICAL,HIGH"
 timeout: "10m"
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
diff --git a/docker-bake.hcl b/docker-bake.hcl
index 563d470..0c7902d 100644
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@@ -13,6 +13,5 @@ target "gcp" {
 target "azure" {
 target = "azure"
 platforms = ["linux/amd64", "linux/arm64"]
- args = {"BASE_IMAGE": "mcr.microsoft.com/azure-cli:latest"}
+ args = {"BASE_IMAGE": "mcr.microsoft.com/azure-cli:2.63.0"}
 }
-
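Review bot: The new `uses: aquasecurity/trivy-action@0.27.0` in the trivy.yml hunk is still a mutable reference, because a release tag can be re-pointed to different code by anyone with push access to the action's repository. Pinning to the full commit SHA makes the reference immutable while keeping the version readable: `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.27.0> # 0.27.0`. The docker-bake.hcl hunk has the same gap, since the `azure-cli:2.63.0` tag can be republished; a digest closes it: `mcr.microsoft.com/azure-cli:2.63.0@sha256:<digest>`. The added `env:` block also has no explanation; if the second registry is meant as a fallback for the vulnerability database download, a comment such as `# fall back to the ECR mirror when the ghcr.io trivy-db pull fails` above `TRIVY_DB_REPOSITORY` would record that.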