Skip to content

Commit 6c07e81

Browse files
committed
Merge #369: chore(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 in /.github/workflows
5c7df34 chore(deps): bump aquasecurity/trivy-action in /.github/workflows (dependabot[bot]) Pull request description: Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.33.1 to 0.34.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's releases</a>.</em></p> <blockquote> <h2>v0.34.0</h2> <h2>What's Changed</h2> <ul> <li>ci: use setup-bats in bump-trivy workflow by <a href="https://github.com/nikpivkin"><code>@nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/494">aquasecurity/trivy-action#494</a></li> <li>chore: update README by <a href="https://github.com/nikpivkin"><code>@nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/493">aquasecurity/trivy-action#493</a></li> <li>ci: install trivy in bump-trivy workflow and update tests by <a href="https://github.com/nikpivkin"><code>@nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/495">aquasecurity/trivy-action#495</a></li> <li>chore(deps): Update trivy to v0.68.1 by <a href="https://github.com/aqua-bot"><code>@aqua-bot</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/496">aquasecurity/trivy-action#496</a></li> <li>ci: use checks bundle v2 in sync workflow by <a href="https://github.com/nikpivkin"><code>@nikpivkin</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/505">aquasecurity/trivy-action#505</a></li> <li>chore(deps): Update trivy to v0.69.1 by <a href="https://github.com/aqua-bot"><code>@aqua-bot</code></a> in <a href="https://redirect.github.com/aquasecurity/trivy-action/pull/506">aquasecurity/trivy-action#506</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0">https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aquasecurity/trivy-action/commit/c1824fd6edce30d7ab345a9989de00bbd46ef284"><code>c1824fd</code></a> chore(deps): Update trivy to v0.69.1 (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/506">#506</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/bc61dc55704e2d5704760f3cdab0d09acf16e4ca"><code>bc61dc5</code></a> Merge commit from fork</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/5eb7ef2605dd123171cc50b6be71f3b1fefb6a13"><code>5eb7ef2</code></a> ci: use checks bundle v2 in sync workflow (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/505">#505</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/22438a435773de8c97dc0958cc0b823c45b064ac"><code>22438a4</code></a> Merge pull request <a href="https://redirect.github.com/aquasecurity/trivy-action/issues/496">#496</a> from aquasecurity/bump-trivy-1765431074</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/0024b3f39eb28238f271395b86ec43ee831aa97e"><code>0024b3f</code></a> chore(deps): Update trivy to v0.68.1</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/83690f7d38282f3c235caa2aac0043f2b4fe6134"><code>83690f7</code></a> ci: install trivy in bump-trivy workflow and update tests (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/495">#495</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/df65449f48b89ca7da6699b2d7620f4eaac2355b"><code>df65449</code></a> chore: update README (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/493">#493</a>)</li> <li><a href="https://github.com/aquasecurity/trivy-action/commit/0317097f59169a66937f3f5b95d7f8b7cee1b7eb"><code>0317097</code></a> ci: use setup-bats in bump-trivy workflow (<a href="https://redirect.github.com/aquasecurity/trivy-action/issues/494">#494</a>)</li> <li>See full diff in <a href="https://github.com/aquasecurity/trivy-action/compare/0.33.1...0.34.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy-action&package-manager=github_actions&previous-version=0.33.1&new-version=0.34.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/torrust/torrust-tracker-deployer/network/alerts). </details> ACKs for top commit: josecelano: ACK 5c7df34 Tree-SHA512: b7067040ab210d212c4a6cfc5678d021adacc113aa6e9b9397f31d7b3639415c786d4b88e34ddb36b8a68d27a87906b01fbcb63f1af06e5bd3da10c4d034d606
2 parents 0b9eca4 + 5c7df34 commit 6c07e81

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

.github/workflows/docker-security-scan.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ jobs:
6262
# Human-readable output in logs
6363
# This NEVER fails the job; it’s only for visibility
6464
- name: Display vulnerabilities (table format)
65-
uses: aquasecurity/trivy-action@0.33.1
65+
uses: aquasecurity/trivy-action@0.34.0
6666
with:
6767
image-ref: torrust-tracker-deployer/${{ matrix.image.name }}:latest
6868
format: "table"
@@ -76,7 +76,7 @@ jobs:
7676
# - Trivy sometimes exits with 1 even when no vulns exist
7777
# - GitHub Security UI is responsible for enforcement
7878
- name: Generate SARIF (Code Scanning)
79-
uses: aquasecurity/trivy-action@0.33.1
79+
uses: aquasecurity/trivy-action@0.34.0
8080
with:
8181
image-ref: torrust-tracker-deployer/${{ matrix.image.name }}:latest
8282
format: "sarif"
@@ -114,7 +114,7 @@ jobs:
114114

115115
steps:
116116
- name: Display vulnerabilities (table format)
117-
uses: aquasecurity/trivy-action@0.33.1
117+
uses: aquasecurity/trivy-action@0.34.0
118118
with:
119119
image-ref: ${{ matrix.image }}
120120
format: "table"
@@ -124,7 +124,7 @@ jobs:
124124
# Third-party images should NEVER block CI.
125125
# We only report findings to GitHub Security.
126126
- name: Generate SARIF (Code Scanning)
127-
uses: aquasecurity/trivy-action@0.33.1
127+
uses: aquasecurity/trivy-action@0.34.0
128128
with:
129129
image-ref: ${{ matrix.image }}
130130
format: "sarif"

0 commit comments

Comments
 (0)