diff --git a/.github/workflows/bump-trivy.yaml b/.github/workflows/bump-trivy.yaml
index e72194f..33c59ec 100644
--- a/.github/workflows/bump-trivy.yaml
+++ b/.github/workflows/bump-trivy.yaml
@@ -14,7 +14,7 @@ jobs:
 bump:
 runs-on: ubuntu-2404-2core
 permissions:
- contents: read
+ contents: read # for actions/checkout
 steps:
 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 with:
@@ -43,22 +43,25 @@ jobs:
 run: make test
 - name: Create PR
- id: create-pr
- uses: peter-evans/create-pull-request@4e1beaa7521e8b457b572c090b25bd3db56bf1c5 # v5
- with:
- token: ${{ secrets.TRIVY_ACTION_DEPLOY_TOKEN }}
- title: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
- commit-message: "chore(deps): Update trivy to v${{ inputs.trivy_version }}"
- committer: github-actions[bot]
- author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
- branch-suffix: timestamp
- branch: bump-trivy
- delete-branch: true
- - name: Check outputs
 env:
- PR_NUMBER: ${{ steps.create-pr.outputs.pull-request-number }}
- PR_URL: ${{ steps.create-pr.outputs.pull-request-url }}
+ GH_TOKEN: ${{ secrets.TRIVY_ACTION_DEPLOY_TOKEN }}
+ TRIVY_VERSION: ${{ inputs.trivy_version }}
+ REPO: ${{ github.repository }}
+ BASE_BRANCH: ${{ github.event.repository.default_branch }}
 run: |
- echo "Pull Request Number - ${PR_NUMBER}"
- echo "Pull Request URL - ${PR_URL}"
+ gh auth setup-git
+ git config user.name "github-actions[bot]"
+ git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ BRANCH="bump-trivy-${TRIVY_VERSION}"
+ git checkout -b "${BRANCH}"
+ git add action.yaml README.md test/
+ git commit -m "chore(deps): Update trivy to v${TRIVY_VERSION}"
+ git push origin "${BRANCH}"
+ PR_RESPONSE=$(gh api repos/${REPO}/pulls \
+ --method POST \
+ --field title="chore(deps): Update trivy to v${TRIVY_VERSION}" \
+ --field body="This PR was automatically generated by the bump-trivy workflow." \
+ --field base="${BASE_BRANCH}" \
+ --field head="${BRANCH}")
+ echo "Pull Request Number - $(echo "${PR_RESPONSE}" | jq -r '.number')"
+ echo "Pull Request URL - $(echo "${PR_RESPONSE}" | jq -r '.html_url')"
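Review bot: `TRIVY_VERSION` goes from the workflow input straight into the branch name, the commit message and the PR title in the new `run` block, and the script never checks its shape before pushing with the deploy token. Passing it through `env` keeps it out of the shell source, but a value that is not a plain version still yields an odd or invalid ref, so a guard as the first line of the script would help, for example `[[ "${TRIVY_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "invalid trivy_version" >&2; exit 1; }` (unless an earlier step outside this hunk already validates it). The branch is also no longer unique now that `branch-suffix: timestamp` is gone, so a second run for the same version will presumably fail at `git push origin "${BRANCH}"` if the earlier branch still exists. Separately, if the checkout step's `with:` block (cut off at the end of the first hunk) leaves `persist-credentials` at its default, the persisted `GITHUB_TOKEN` header may be used for the push instead of the `gh auth setup-git` helper, and that token only has `contents: read`.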