Merge pull request #31 from trustyai-explainability/tarilabs-patch-1

Pin Trivy action to specific commit version

Author: m-misiura

.github/workflows/security.yml

@@ -41,7 +41,7 @@ jobs:
         run: poetry install --with dev
 
       - name: Run Trivy filesystem scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -51,7 +51,7 @@ jobs:
           exit-code: "0"
 
       - name: Run Trivy dependency scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -62,7 +62,7 @@ jobs:
           exit-code: "0"
 
       - name: Check for critical and high vulnerabilities
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: "fs"
           scan-ref: "."