Merge pull request #1806 from NASA-AMMOS/patch/pin-trivy-action-version

Pin trivy-action to save 0.24.0 in response to security compromise

Author: dandelany

.github/workflows/publish.yml

@@ -158,7 +158,8 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Scan ${{ matrix.image }} for vulnerabilities
-        uses: aquasecurity/trivy-action@0.24.0
+        # pinned to commit for release https://github.com/aquasecurity/trivy-action/releases/tag/v0.24.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
         env:
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db