diff --git a/.github/workflows/devcontainer-build.yaml b/.github/workflows/devcontainer-build.yaml index fb9090ba9d..064c2bba4f 100644 --- a/.github/workflows/devcontainer-build.yaml +++ b/.github/workflows/devcontainer-build.yaml @@ -23,7 +23,7 @@ jobs: - name: Build devcontainer image run: docker build .devcontainer - name: Trivy Scan Image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-build.yaml b/.github/workflows/images-build.yaml index 3b6f0dfcf4..90b6b5e45e 100644 --- a/.github/workflows/images-build.yaml +++ b/.github/workflows/images-build.yaml @@ -31,7 +31,7 @@ jobs: - name: ko build run: VERSION=${{ github.ref_name }} make ko-build-all - name: Trivy Scan Image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-publish.yaml b/.github/workflows/images-publish.yaml index 4801aa79c6..3bd54fd9be 100644 --- a/.github/workflows/images-publish.yaml +++ b/.github/workflows/images-publish.yaml @@ -40,7 +40,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 8effe82e8a..d5b95d2111 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index f0d0685ac8..aec28c5023 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -30,7 +30,7 @@ jobs: echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT - name: Scan for vulnerabilities in latest image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest @@ -40,7 +40,7 @@ jobs: output: scan1.json - name: Scan for vulnerabilities in latest-1 image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }} format: json @@ -49,7 +49,7 @@ jobs: output: scan2.json - name: Scan for vulnerabilities in latest-2 image - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.8.0 (Trivy v0.34.0) + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.8.0 (Trivy v0.34.0) with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }} format: json