From 37757a4fd7af7792929fe8709fe18e4c03eda405 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 10 Jun 2025 15:08:28 +0000 Subject: [PATCH] chore(deps): bump the gh-actions-packages group with 2 updates Bumps the gh-actions-packages group with 2 updates: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) and [github/codeql-action](https://github.com/github/codeql-action). Updates `aquasecurity/trivy-action` from 0.30.0 to 0.31.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5...76071ef0d7ec797419534a183b498b4d6366cf37) Updates `github/codeql-action` from 3.28.18 to 3.28.19 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...fca7ace96b7d713c7035871441bd52efbe39e27e) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.31.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-version: 3.28.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 4 ++-- .github/workflows/vuln-check.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a8a3cef..e612206 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: - name: Push images run: ./build --push - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0 + uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0 with: image-ref: '${{ steps.build.outputs.LATEST_IMAGE_TAG }}' format: 'sarif' @@ -55,6 +55,6 @@ jobs: TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 with: sarif_file: 'trivy-results.sarif' diff --git a/.github/workflows/vuln-check.yml b/.github/workflows/vuln-check.yml index b08e367..a9b7a4a 100644 --- a/.github/workflows/vuln-check.yml +++ b/.github/workflows/vuln-check.yml @@ -30,7 +30,7 @@ jobs: docker-images: false # Do not remove locally built images (including trivy scanner) - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6c175e9c4083a92bbca2f9724c8a5e33bc2d97a5 # v0.30.0 + uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 # v0.31.0 with: image-ref: 'ghcr.io/datadog/dd-trace-java-docker-build:latest' format: 'sarif' @@ -42,7 +42,7 @@ jobs: TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18 + uses: github/codeql-action/upload-sarif@fca7ace96b7d713c7035871441bd52efbe39e27e # v3.28.19 if: always() with: sarif_file: 'trivy-results.sarif'