From a3e889b4eb87a51013e6f79a813e6be9a39a2f5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Jun 2026 08:09:01 +0000 Subject: [PATCH] Bump aquasecurity/trivy-action in the github-actions group Bumps the github-actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `aquasecurity/trivy-action` from 314ff8b43182423b84c50b1670b0e10f858f2d98 to bfa4b33a029b9aa80ddb784b45574c30e072c59e - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/314ff8b43182423b84c50b1670b0e10f858f2d98...bfa4b33a029b9aa80ddb784b45574c30e072c59e) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: bfa4b33a029b9aa80ddb784b45574c30e072c59e dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/security.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index cfd23b3..fe787bc 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -82,14 +82,14 @@ jobs: echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT" - name: Run Trivy vulnerability scanner (table output for logs) - uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # v0.34.2 + uses: aquasecurity/trivy-action@bfa4b33a029b9aa80ddb784b45574c30e072c59e # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "table" severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Run Trivy vulnerability scanner (SARIF output for GitHub) - uses: aquasecurity/trivy-action@314ff8b43182423b84c50b1670b0e10f858f2d98 # v0.34.2 + uses: aquasecurity/trivy-action@bfa4b33a029b9aa80ddb784b45574c30e072c59e # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "sarif"