diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index a88de9d..9626eba 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -35,8 +35,8 @@ jobs:
       - name: Run Trivy vulnerability scanner with rootfs command
         uses: aquasecurity/trivy-action@master
         with:
-          scan-type: 'rootfs'
-          scan-ref: '/github/workspace/'
+          scan-type: rootfs
+          scan-ref: ${{ github.workspace }}/
           ignore-unfixed: false
           format: 'sarif'
           output: 'trivy-rootfs.sarif'