diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9794487..f9b656c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -204,6 +204,11 @@ jobs:
       if: ${{ !inputs.skip_code_scans }}
       uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
       with:
+        # Pin a Trivy version whose release artifacts are still published.
+        # Older versions (including the action's default v0.65.0) had their
+        # release assets removed, breaking install.sh. See
+        # https://github.com/aquasecurity/trivy/discussions/10265
+        version: 'v0.69.3'
         scan-type: 'fs'
         scan-ref: '.'
         scanners: 'vuln,secret,misconfig'