diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index de52459d6..3a53dfdb1 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -656,7 +656,7 @@ jobs:
 format: 'table'
 severity: 'CRITICAL,HIGH'
 exit-code: '0'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 continue-on-error: true
@@ -669,7 +669,7 @@ jobs:
 format: 'sarif'
 output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 continue-on-error: true
@@ -882,7 +882,7 @@ jobs:
 trivyignores: '.trivyignore'
 severity: 'CRITICAL,HIGH'
 exit-code: '0'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 - name: Run Trivy scan on PR image (SARIF - blocking)
 id: trivy-scan
@@ -897,7 +897,7 @@ jobs:
 # Keep scanning strict for CRITICAL/HIGH; fail is enforced explicitly
 # at the end so SARIF upload and summaries still run.
 exit-code: '1'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 continue-on-error: true
 - name: Check Trivy PR SARIF exists
diff --git a/.github/workflows/nightly-build.yml b/.github/workflows/nightly-build.yml
index 9419a56a3..f6e9147bc 100644
--- a/.github/workflows/nightly-build.yml
+++ b/.github/workflows/nightly-build.yml
@@ -592,7 +592,7 @@ jobs:
 image-ref: ${{ env.GHCR_REGISTRY }}/${{ env.IMAGE_NAME }}:nightly@${{ needs.build-and-push-nightly.outputs.digest }}
 format: 'sarif'
 output: 'trivy-nightly.sarif'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 - name: Upload Trivy results
diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 80517d490..4300c0b88 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
@@ -373,7 +373,7 @@ jobs:
 format: 'sarif'
 output: 'trivy-binary-results.sarif'
 severity: 'CRITICAL,HIGH,MEDIUM'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 config: 'trivy.yaml'
 continue-on-error: true
@@ -408,7 +408,7 @@ jobs:
 format: 'table'
 severity: 'CRITICAL,HIGH'
 exit-code: '1'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 config: 'trivy.yaml'
diff --git a/.github/workflows/security-weekly-rebuild.yml b/.github/workflows/security-weekly-rebuild.yml
index d234ad1a8..cb8bcf166 100644
--- a/.github/workflows/security-weekly-rebuild.yml
+++ b/.github/workflows/security-weekly-rebuild.yml
@@ -105,7 +105,7 @@ jobs:
 format: 'table'
 severity: 'CRITICAL,HIGH'
 exit-code: '1' # Fail workflow if vulnerabilities found
- version: 'v0.71.2'
+ version: 'v0.72.0'
 continue-on-error: true
 - name: Run Trivy vulnerability scanner (SARIF)
@@ -116,7 +116,7 @@ jobs:
 format: 'sarif'
 output: 'trivy-weekly-results.sarif'
 severity: 'CRITICAL,HIGH,MEDIUM'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 trivyignores: '.trivyignore'
 - name: Upload Trivy results to GitHub Security
@@ -156,7 +156,7 @@ jobs:
 format: 'json'
 output: 'trivy-weekly-results.json'
 severity: 'CRITICAL,HIGH,MEDIUM,LOW'
- version: 'v0.71.2'
+ version: 'v0.72.0'
 - name: Upload Trivy JSON results
 uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7