From 2fec21c839dc468ae42f07f5df806b69d0e6d3cc Mon Sep 17 00:00:00 2001 From: Andrei Aaron Date: Thu, 26 Mar 2026 10:24:06 +0200 Subject: [PATCH] chore: pin trivy-action to safe version (#3897) See https://github.com/aquasecurity/trivy/discussions/10425#discussion-9699852 Signed-off-by: Andrei Aaron --- .github/workflows/publish.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index a0063c17..fdaa22d1 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -235,7 +235,7 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@57a97c7
 with:
 image-ref: 'ghcr.io/${{ github.repository_owner }}/zot-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}'
 format: 'sarif'
@@ -244,7 +244,7 @@ jobs:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 - name: Run Trivy vulnerability scanner (minimal)
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@57a97c7
 with:
 image-ref: 'ghcr.io/${{ github.repository_owner }}/zot-minimal-${{ matrix.os }}-${{ matrix.arch }}:${{ github.event.release.tag_name }}'
 format: 'sarif'
@@ -272,7 +272,7 @@ jobs:
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@57a97c7
 with:
 image-ref: 'ghcr.io/${{ github.repository_owner }}/zot:${{ github.event.release.tag_name }}'
 format: 'sarif'
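Review bot: `57a97c7` on the new `uses:` line is an abbreviated commit id, not the full-length SHA that GitHub's hardening guidance asks for when pinning a third-party action. A seven-character ref is not an immutable pin: as far as I know the runner no longer resolves short SHAs as commits and treats them like a branch or tag name, so the step either fails to resolve or can be satisfied by a ref of that name, which is movable like `master` was. Pin the 40-character SHA and keep the release in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<FULL_40_CHAR_COMMIT_SHA>  # <release tag>`, and let Dependabot or Renovate bump it. The same line is changed in the hunks at 244, 272 and 281 and needs the same fix there.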
@@ -281,7 +281,7 @@ jobs:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 - name: Run Trivy vulnerability scanner (minimal)
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@57a97c7
 with:
 image-ref: 'ghcr.io/${{ github.repository_owner }}/zot-minimal:${{ github.event.release.tag_name }}'
 format: 'sarif'
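Review bot: The scanner steps still receive `${{ secrets.GITHUB_TOKEN }}` as `TRIVY_PASSWORD` inside the publish workflow (context lines of this hunk and the one at 244), so whatever code the pinned ref resolves to runs with that job's token. The job's `permissions:` block is outside the hunks; if it grants `packages: write` or `contents: write` for publishing, consider moving the Trivy steps into a separate job limited to `contents: read` and `packages: read`, plus `security-events: write` only if the SARIF output is uploaded. That way a bad release of the action cannot alter the images or the release it is scanning.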