diff --git a/.woodpecker/ci.yml b/.woodpecker/ci.yml
index ea28cf9..55275f7 100644
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@@ -243,7 +243,7 @@ steps:
 if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
- trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG
+ trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore --db-repository ghcr.io/aquasecurity/trivy-db git.mosaicstack.dev/mosaic/stack-api:$$SCAN_TAG
 when:
 - branch: [main]
 event: [push, manual, tag]
@@ -264,7 +264,7 @@ steps:
 if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
- trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG
+ trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore --db-repository ghcr.io/aquasecurity/trivy-db git.mosaicstack.dev/mosaic/stack-orchestrator:$$SCAN_TAG
 when:
 - branch: [main]
 event: [push, manual, tag]
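Review bot: The added `--db-repository ghcr.io/aquasecurity/trivy-db` on the `trivy image` line has no explanation and is repeated verbatim in all three hunks (243, 264 and 305), so the scan steps can drift apart the next time the DB source changes. A comment above the command, for example `# vuln DB pulled from GHCR: <reason / issue link>`, would record why the default source is overridden, and setting `TRIVY_DB_REPOSITORY` once in each step's `environment` would keep the command lines identical apart from the image name. The `config.json` written just above holds credentials only for `git.mosaicstack.dev`, so the DB pull from ghcr.io appears to be anonymous; with a single repository configured, a rate-limited or failed pull fails the scan step, which is the safe direction for a release gate but worth noting before anyone relaxes it. The step definitions start outside these hunks, so the Trivy version and any existing environment settings are not visible here.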
@@ -305,7 +305,7 @@ steps:
 if [ -n "$$CI_COMMIT_TAG" ]; then SCAN_TAG="$$CI_COMMIT_TAG"; else SCAN_TAG="latest"; fi
 mkdir -p ~/.docker
 echo "{\"auths\":{\"git.mosaicstack.dev\":{\"username\":\"$$GITEA_USER\",\"password\":\"$$GITEA_TOKEN\"}}}" > ~/.docker/config.json
- trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG
+ trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed --ignorefile .trivyignore --db-repository ghcr.io/aquasecurity/trivy-db git.mosaicstack.dev/mosaic/stack-web:$$SCAN_TAG
 when:
 - branch: [main]
 event: [push, manual, tag]