From 235242bcf330d466768212d92ca2a9641923d82a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jun 2026 11:05:30 +0000 Subject: [PATCH] Bump aquasecurity/trivy-action in the github-actions group Bumps the github-actions group with 1 update: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action). Updates `aquasecurity/trivy-action` from bfa4b33a029b9aa80ddb784b45574c30e072c59e to 476e4fdcdc675b65ce75e8c3440b48d7a494f0e5 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/bfa4b33a029b9aa80ddb784b45574c30e072c59e...476e4fdcdc675b65ce75e8c3440b48d7a494f0e5) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 476e4fdcdc675b65ce75e8c3440b48d7a494f0e5 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/security.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index 38fdc42..21fecf7 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -82,14 +82,14 @@ jobs: echo "image=code-marketplace:scan" >> "$GITHUB_OUTPUT" - name: Run Trivy vulnerability scanner (table output for logs) - uses: aquasecurity/trivy-action@bfa4b33a029b9aa80ddb784b45574c30e072c59e # v0.34.2 + uses: aquasecurity/trivy-action@476e4fdcdc675b65ce75e8c3440b48d7a494f0e5 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "table" severity: "LOW,MEDIUM,HIGH,CRITICAL" - name: Run Trivy vulnerability scanner (SARIF output for GitHub) - uses: aquasecurity/trivy-action@bfa4b33a029b9aa80ddb784b45574c30e072c59e # v0.34.2 + uses: aquasecurity/trivy-action@476e4fdcdc675b65ce75e8c3440b48d7a494f0e5 # v0.34.2 with: image-ref: ${{ steps.build.outputs.image }} format: "sarif"