diff --git a/.github/workflows/pr-trivy.yaml b/.github/workflows/pr-trivy.yaml index cee45e9b..e7cf9ae8 100644 --- a/.github/workflows/pr-trivy.yaml +++ b/.github/workflows/pr-trivy.yaml @@ -13,7 +13,7 @@ jobs: egress-policy: audit - name: Trivy fs scan - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: scan-type: 'fs' ignore-unfixed: true diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml index db457b32..54e43b49 100644 --- a/.github/workflows/report-on-vulnerabilities.yaml +++ b/.github/workflows/report-on-vulnerabilities.yaml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - name: Scan for vulnerabilities - uses: aquasecurity/trivy-action@e368e328979b113139d6f9068e03accaed98a518 # 0.34.1 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: image-ref: ghcr.io/doodlescheduling/growthbook-controller:latest format: json