diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 7a9d37e460..9267064d65 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -13,6 +13,23 @@ jobs:
 env:
 GH_TOKEN: ${{ github.token }}
 steps:
+ - name: Check if comment author is a member of k3s team
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const org = context.repo.owner;
+ const team_slug = 'k3s';
+ const username = context.payload.comment.user.login;
+
+ const { data: membership } = await github.teams.getMembershipForUserInOrg({
+ org,
+ team_slug,
+ username
+ });
+
+ if (membership.state !== 'active') {
+ core.setFailed(`User ${username} is not an active member of the ${team_slug} team`);
+ }
 - name: Checkout PR code
 uses: actions/checkout@v4
 with:
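Review bot: The membership gate calls `github.teams.getMembershipForUserInOrg`, but since github-script v5 the REST methods live under `github.rest`, so on `@v7` this call throws a TypeError before any membership is looked up; the step still fails closed, but for every commenter, team members included. Call `github.rest.teams.getMembershipForUserInOrg` instead and wrap it in try/catch, because the API answers 404 for a non-member and the current code would surface that as an unhandled exception rather than the intended message. The default `github.token` is repository-scoped and probably cannot read organisation team membership, so confirm the call succeeds for a real team member or supply a token with org read access. As far as this hunk shows, this step is the control in front of "Checkout PR code", so any error path should keep failing the job.

```yaml
        with:
          script: |
            // … unchanged: org, team_slug, username …
            try {
              const { data: membership } = await github.rest.teams.getMembershipForUserInOrg({
                org,
                team_slug,
                username
              });
              if (membership.state !== 'active') {
                core.setFailed(`User ${username} is not an active member of the ${team_slug} team`);
              }
            } catch (error) {
              // 404 means "not a member"; every other error also fails closed
              core.setFailed(`Could not confirm ${username} as a member of the ${team_slug} team: ${error.message}`);
            }
```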