diff --git a/.github/workflows/devcontainer-build.yaml b/.github/workflows/devcontainer-build.yaml index 00f136187c..441c1c9b50 100644 --- a/.github/workflows/devcontainer-build.yaml +++ b/.github/workflows/devcontainer-build.yaml @@ -23,7 +23,7 @@ jobs: - name: Build devcontainer image run: docker build .devcontainer - name: Trivy Scan Image - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-build.yaml b/.github/workflows/images-build.yaml index 2e231e77f4..5eb7a602d5 100644 --- a/.github/workflows/images-build.yaml +++ b/.github/workflows/images-build.yaml @@ -32,7 +32,7 @@ jobs: - name: ko build run: VERSION=${{ github.ref_name }} make ko-build-all - name: Trivy Scan Image - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-publish.yaml b/.github/workflows/images-publish.yaml index e14b0ced19..79f6dcb155 100644 --- a/.github/workflows/images-publish.yaml +++ b/.github/workflows/images-publish.yaml @@ -40,7 +40,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c4a19d9619..fe7e4d8ea5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index 2921ab94bb..a0bd8b7f86 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -30,7 +30,7 @@ jobs: echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT - name: Scan for vulnerabilities in latest image - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest format: json @@ -42,7 +42,7 @@ jobs: # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577 TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' - name: Scan for vulnerabilities in latest-1 image - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }} format: json @@ -54,7 +54,7 @@ jobs: # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577 TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' - name: Scan for vulnerabilities in latest-2 image - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # v0.27.0 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }} format: json