diff --git a/.github/workflows/devcontainer-build.yaml b/.github/workflows/devcontainer-build.yaml index db6b8715f6..f48b9bb815 100644 --- a/.github/workflows/devcontainer-build.yaml +++ b/.github/workflows/devcontainer-build.yaml @@ -23,7 +23,7 @@ jobs: - name: Build devcontainer image run: docker build .devcontainer - name: Trivy Scan Image - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-build.yaml b/.github/workflows/images-build.yaml index 781c311774..9427b99206 100644 --- a/.github/workflows/images-build.yaml +++ b/.github/workflows/images-build.yaml @@ -31,7 +31,7 @@ jobs: - name: ko build run: VERSION=${{ github.ref_name }} make ko-build-all - name: Trivy Scan Image - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-publish.yaml b/.github/workflows/images-publish.yaml index 350b3dbbae..61120498ce 100644 --- a/.github/workflows/images-publish.yaml +++ b/.github/workflows/images-publish.yaml @@ -40,7 +40,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 22f667999c..b8d2e03329 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index 34ff1bb0d4..5f3b9abf26 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -30,7 +30,7 @@ jobs: echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT - name: Scan for vulnerabilities in latest image - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest @@ -40,7 +40,7 @@ jobs: output: scan1.json - name: Scan for vulnerabilities in latest-1 image - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }} format: json @@ -49,7 +49,7 @@ jobs: output: scan2.json - name: Scan for vulnerabilities in latest-2 image - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }} format: json