chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0

dependabot[bot] · web-flow · commit a036fb27fc42 · 2026-05-12T07:04:26.000Z
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/nightly-trivy-scan.yml b/.github/workflows/nightly-trivy-scan.yml
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v6
       - name: Run Trivy vulnerability scanner
         # tag 0.35.0, get the commit hash from https://github.com/aquasecurity/trivy-action.git
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25
         with:
           image-ref: 'docker.io/goharbor/${{ matrix.images }}:${{ matrix.tags }}'
           severity: 'CRITICAL,HIGH'
