diff --git a/.github/workflows/security-scan-trivy.yml b/.github/workflows/security-scan-trivy.yml
index dea8d63c..f6a5208e 100644
--- a/.github/workflows/security-scan-trivy.yml
+++ b/.github/workflows/security-scan-trivy.yml
@@ -44,6 +44,7 @@ jobs:
           format: sarif
           output: trivy-results.sarif
           vuln-type: os
+          timeout: 15m0s
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@a3a6c128d771b6b9bdebb1c9d0583ebd2728a108 # tag=v2.1.11