diff --git a/.github/workflows/devcontainer-build.yaml b/.github/workflows/devcontainer-build.yaml index c46f7c1684..8c8a55637b 100644 --- a/.github/workflows/devcontainer-build.yaml +++ b/.github/workflows/devcontainer-build.yaml @@ -23,7 +23,7 @@ jobs: - name: Build devcontainer image run: docker build .devcontainer - name: Trivy Scan Image - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-build.yaml b/.github/workflows/images-build.yaml index 3a1e4b25e3..34d7be12e0 100644 --- a/.github/workflows/images-build.yaml +++ b/.github/workflows/images-build.yaml @@ -32,7 +32,7 @@ jobs: - name: ko build run: VERSION=${{ github.ref_name }} make ko-build-all - name: Trivy Scan Image - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/images-publish.yaml b/.github/workflows/images-publish.yaml index bcf1f190ea..4bddaddfab 100644 --- a/.github/workflows/images-publish.yaml +++ b/.github/workflows/images-publish.yaml @@ -40,7 +40,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6324d133f9..83641b3a8c 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -35,7 +35,7 @@ jobs: uses: ./.github/actions/setup-build-env timeout-minutes: 30 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index 8f62222693..2355dc9190 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -30,7 +30,7 @@ jobs: echo "releasebranch2=$releasebranch2" >> $GITHUB_OUTPUT - name: Scan for vulnerabilities in latest image - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest format: json @@ -42,7 +42,7 @@ jobs: # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577 TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' - name: Scan for vulnerabilities in latest-1 image - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch1 }} format: json @@ -54,7 +54,7 @@ jobs: # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577 TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' - name: Scan for vulnerabilities in latest-2 image - uses: aquasecurity/trivy-action@f781cce5aab226378ee181d764ab90ea0be3cdd8 # v0.25.0 + uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb # v0.26.0 with: image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.get-branches.outputs.releasebranch2 }} format: json