diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 13809708..7db52401 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -60,7 +60,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: '${{ steps.meta.outputs.tags[0] }}'
+          image-ref: '${{ fromJSON(steps.meta.outputs.tags)[0] }}'
           format: 'table'
           exit-code: '1'
           ignore-unfixed: true