diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 29bcb9c..b4e3e4e 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,7 +6,7 @@ on:
 workflow_dispatch:
 env:
- TRIVY_VERSION: 0.65.0
+ TRIVY_VERSION: 0.68.1
 BATS_LIB_PATH: '/usr/lib/'
 jobs:
diff --git a/README.md b/README.md
index 58814df..4ab0986 100644
--- a/README.md
+++ b/README.md
@@ -215,7 +215,7 @@ jobs:
 uses: aquasecurity/setup-trivy@v0.2.0
 with:
 cache: true
- version: v0.65.0
+ version: v0.68.1
 - name: Run Trivy vulnerability scanner in repo mode
 uses: aquasecurity/trivy-action@master
@@ -891,7 +891,7 @@ Following inputs can be used as `step.with` keys:
 | `github-pat` | String | | Authentication token to enable sending SBOM scan results to GitHub Dependency Graph. Can be either a GitHub Personal Access Token (PAT) or GITHUB_TOKEN |
 | `limit-severities-for-sarif` | Boolean | false | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true** |
 | `docker-host` | String | | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values (`unix:/` or other prefix is required) |
-| `version` | String | `v0.65.0` | Trivy version to use, e.g. `latest` or `v0.65.0` |
+| `version` | String | `v0.68.1` | Trivy version to use, e.g. `latest` or `v0.68.1` |
 | `skip-setup-trivy` | Boolean | false | Skip calling the `setup-trivy` action to install `trivy` |
 | `token-setup-trivy` | Boolean | | Overwrite `github.token` used by `setup-trivy` to checkout the `trivy` repository |
diff --git a/action.yaml b/action.yaml
index 60323e9..86e2c31 100644
--- a/action.yaml
+++ b/action.yaml
@@ -98,7 +98,7 @@ inputs:
 version:
 description: 'Trivy version to use'
 required: false
- default: 'v0.65.0'
+ default: 'v0.68.1'
 cache:
 description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
 required: false
diff --git a/test/data/secret-scan/report.json b/test/data/secret-scan/report.json
index b22503e..9d00f1e 100644
--- a/test/data/secret-scan/report.json
+++ b/test/data/secret-scan/report.json
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "ArtifactID": "sha256:79ce4c2f8371bef1ce2a321518d3136bc1bd8f3c307ed679944a38e7cbd76c14",
 "ArtifactName": "https://github.com/krol3/demo-trivy/",
 "ArtifactType": "repository",
 "Metadata": {
@@ -64,7 +65,8 @@
 }
 ]
 },
- "Match": "export GITHUB_PAT=****************************************"
+ "Match": "export GITHUB_PAT=****************************************",
+ "Offset": 63
 }
 ]
 }
diff --git a/test/data/with-trivy-yaml-cfg/report.json b/test/data/with-trivy-yaml-cfg/report.json
index 64d26a9..9613217 100644
--- a/test/data/with-trivy-yaml-cfg/report.json
+++ b/test/data/with-trivy-yaml-cfg/report.json
@@ -1,5 +1,6 @@
 {
 "SchemaVersion": 2,
+ "ArtifactID": "sha256:aab05ff324c90bb728aa5177b75d7e39d363be13323873de70959d2251edcebc",
 "ArtifactName": "alpine:3.10",
 "ArtifactType": "container_image",
 "Metadata": {
@@ -19,6 +20,7 @@
 "RepoDigests": [
 "alpine@sha256:451eee8bedcb2f029756dc3e9d73bab0e7943c1ac55cff3a4861c52a0fdd3e98"
 ],
+ "Reference": "alpine:3.10",
 "ImageConfig": {
 "architecture": "amd64",
 "container": "fdb7e80e3339e8d0599282e606c907aa5881ee4c668a68136119e6dfac6ce3a4",
@@ -88,6 +90,7 @@
 "Name": "Alpine Secdb",
 "URL": "https://secdb.alpinelinux.org/"
 },
+ "Fingerprint": "sha256:f86484d912018e22a8212a9c21359a64583d86342016ed1c57e3b3d6e9afa63c",
 "Title": "libfetch: an out of boundary read while libfetch uses strtol to parse the relevant numbers into address bytes leads to information leak or crash",
 "Description": "libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\\0' terminator one byte too late.",
 "Severity": "CRITICAL",