diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index f6494d7..f14220c 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -30,6 +30,7 @@ jobs:
 format: "sarif"
 output: "trivy-results.sarif"
 severity: "CRITICAL,HIGH"
+ limit-severities-for-sarif: true
 exit-code: "1" # Fail the build!
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@65c74964a9ed8c44ed9f19d4bbc5757a6a8e9ab9 # == v2
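Review bot: The added `limit-severities-for-sarif: true` changes what reaches the Security tab, and nothing beside it records that. With the flag set, the SARIF file should carry only the CRITICAL and HIGH findings named in `severity`, so MEDIUM and LOW results stop appearing in code scanning. A comment above the line would document the trade-off, for example `# SARIF ignores severity unless this is set; MEDIUM/LOW are dropped from the upload`. Because `exit-code: "1"` fails the Trivy step when findings exist, the upload step after it presumably needs `if: always()` to run on exactly those builds; that step continues outside the hunk, so this could not be confirmed here.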