diff --git a/.github/workflows/build-and-sign-image.yml b/.github/workflows/build-and-sign-image.yml
index a179287..8adfcaf 100644
--- a/.github/workflows/build-and-sign-image.yml
+++ b/.github/workflows/build-and-sign-image.yml
@@ -77,3 +77,5 @@ jobs:
         continue-on-error: true
         with:
           sarif_file: 'trivy-results-${{ inputs.image }}.sarif'
+          sha: ${{ github.sha }}
+          ref: ${{ github.ref }}