chore: [#415] update trivy-action from 0.34.0 to 0.35.0

josecelano · josecelano · commit 8a269d10b592 · 2026-04-06T11:16:22.000+01:00
diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
@@ -62,7 +62,7 @@ jobs:
       # Human-readable output in logs
       # This NEVER fails the job; it’s only for visibility
       - name: Display vulnerabilities (table format)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: torrust-tracker-deployer/${{ matrix.image.name }}:latest
           format: "table"
@@ -76,7 +76,7 @@ jobs:
       # - Trivy sometimes exits with 1 even when no vulns exist
       # - GitHub Security UI is responsible for enforcement
       - name: Generate SARIF (Code Scanning)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: torrust-tracker-deployer/${{ matrix.image.name }}:latest
           format: "sarif"
@@ -114,7 +114,7 @@ jobs:
 
     steps:
       - name: Display vulnerabilities (table format)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: ${{ matrix.image }}
           format: "table"
@@ -124,7 +124,7 @@ jobs:
       # Third-party images should NEVER block CI.
       # We only report findings to GitHub Security.
       - name: Generate SARIF (Code Scanning)
-        uses: aquasecurity/trivy-action@0.34.0
+        uses: aquasecurity/trivy-action@0.35.0
         with:
           image-ref: ${{ matrix.image }}
           format: "sarif"
