diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml
index 3dda4a7fe0..d1d6da38ad 100644
--- a/.github/workflows/image-build.yaml
+++ b/.github/workflows/image-build.yaml
@@ -133,7 +133,7 @@ jobs:
 make docker-build-kyverno
 - name: Trivy Scan Image
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c
 with:
 scan-type: 'fs'
 ignore-unfixed: true
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index 600d036255..feab387bbe 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -64,7 +64,7 @@ jobs:
 ${{ runner.os }}-go-
 - name: Log into ghcr.io
- uses: docker/login-action@master
+ uses: docker/login-action@7c79b598eaa33458e78e8d0d71e0a9c217dd92af
 with:
 registry: ghcr.io
 username: ${{secrets.registry_username}}
@@ -81,7 +81,7 @@ jobs:
 - name: Run Trivy vulnerability scanner in repo mode
 if: ${{inputs.tag == 'release'}}
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c
 with:
 scan-type: 'fs'
 ignore-unfixed: true
diff --git a/cmd/cli/kubectl-kyverno/Dockerfile b/cmd/cli/kubectl-kyverno/Dockerfile
index 0b2b6c0f0d..074aa8c6c9 100644
--- a/cmd/cli/kubectl-kyverno/Dockerfile
+++ b/cmd/cli/kubectl-kyverno/Dockerfile
@@ -1,6 +1,6 @@
 # Multi-stage docker build
 # Build stage
-FROM golang:1.17.6 AS builder
+FROM golang@sha256:ec67c62f48ddfbca1ccaef18f9b3addccd707e1885fa28702a3954340786fcf6 AS builder
 LABEL maintainer="Kyverno"
diff --git a/cmd/initContainer/Dockerfile b/cmd/initContainer/Dockerfile
index b8ff0a15b8..4de4d7a07c 100644
--- a/cmd/initContainer/Dockerfile
+++ b/cmd/initContainer/Dockerfile
@@ -1,6 +1,6 @@
 # Multi-stage docker build
 # Build stage
-FROM golang:1.17.6 AS builder
+FROM golang@sha256:ec67c62f48ddfbca1ccaef18f9b3addccd707e1885fa28702a3954340786fcf6 AS builder
 LABEL maintainer="Kyverno"
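Review bot: The pinned `uses:` line in image-build.yaml carries a bare 40-character commit SHA with nothing saying which trivy-action release it corresponds to, so a later reader cannot tell how old the scanner is or check the SHA against an upstream tag; the same applies to the `docker/login-action` pin and the second `trivy-action` pin in reuse.yaml. I would add a trailing comment, e.g. `uses: aquasecurity/trivy-action@40c4ca9e7421287d0c5576712fdff370978f9c3c # <release tag this commit belongs to>`, and confirm each commit is reachable from the upstream repository's own branch or tag rather than only from a fork. No update mechanism for these pins is visible in this diff, so it is worth checking that Dependabot or Renovate is configured for the `github-actions` ecosystem; otherwise the scanner and the login action stay frozen at these commits. The job bodies continue outside the hunks.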
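Review bot: `FROM golang@sha256:…` in cmd/cli/kubectl-kyverno/Dockerfile drops the `1.17.6` tag, so the Go toolchain version is no longer readable from the file and a later digest bump gives no hint of which version it moves to; cmd/initContainer/Dockerfile and cmd/kyverno/Dockerfile have the same line. Docker accepts a tag together with a digest, so, assuming this digest is the 1.17.6 image, `FROM golang:1.17.6@sha256:ec67c62f48ddfbca1ccaef18f9b3addccd707e1885fa28702a3954340786fcf6 AS builder` keeps the pin and the documentation in one place. It is also worth confirming that the digest names the multi-arch index rather than a single-platform manifest if these images are built for more than one architecture. Only the builder stage is visible here; the final-stage base image lies outside the hunk and may still be referenced by tag.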
diff --git a/cmd/kyverno/Dockerfile b/cmd/kyverno/Dockerfile
index d83a12967a..e65ef8aafc 100644
--- a/cmd/kyverno/Dockerfile
+++ b/cmd/kyverno/Dockerfile
@@ -1,6 +1,6 @@
 # Multi-stage docker build
 # Build stage
-FROM golang:1.17.6 AS builder
+FROM golang@sha256:ec67c62f48ddfbca1ccaef18f9b3addccd707e1885fa28702a3954340786fcf6 AS builder
 LABEL maintainer="Kyverno"