diff --git a/trivy-operator.yaml b/trivy-operator.yaml
index 81bfd7ec45b..ef94c26e488 100644
--- a/trivy-operator.yaml
+++ b/trivy-operator.yaml
@@ -1,7 +1,7 @@
 package:
   name: trivy-operator
   version: "0.29.0"
-  epoch: 5 # GHSA-j5w8-q4qc-rx2x
+  epoch: 6 # GHSA-4qg8-fj49-pxjh
   description: "Kubernetes-native security toolkit that finds and reports vulnerabilities and misconfigurations"
   copyright:
     - license: Apache-2.0
@@ -20,6 +20,7 @@ pipeline:
         github.com/containerd/containerd@v1.7.29
         github.com/containerd/containerd/v2@v2.1.5
         golang.org/x/crypto@v0.45.0
+        github.com/sigstore/timestamp-authority@v2.0.3
 
   - uses: go/build
     with: