Upgrade trivy to v0.52.0 (#364 )

chore(docs): Reference the use of a pinned version (#356 )
bump trivy version to v0.51.2 (#360 )
2024-06-06 17:41:36 -06:00 · 2024-05-22 18:59:56 -06:00 · 2024-05-21 16:33:02 -06:00
3 changed files with 17 additions and 17 deletions
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,7 +6,7 @@ on:
  workflow_dispatch:

 env:
-  TRIVY_VERSION: 0.51.1
+  TRIVY_VERSION: 0.52.0
  BATS_LIB_PATH: '/usr/lib/'

 jobs:
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM ghcr.io/aquasecurity/trivy:0.51.1
+FROM ghcr.io/aquasecurity/trivy:0.52.0
 COPY entrypoint.sh /
 RUN apk --no-cache add bash curl npm
 RUN chmod +x /entrypoint.sh
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ jobs:
        run: |
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'table'
@@ -67,7 +67,7 @@ jobs:
      uses: actions/checkout@v3

    - name: Run Trivy vulnerability scanner in fs mode
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@0.20.0
      with:
        scan-type: 'fs'
        scan-ref: '.'
@@ -117,7 +117,7 @@ jobs:
        docker save -o vuln-image.tar <your-docker-image>

    - name: Run Trivy vulnerability scanner in tarball mode
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@0.20.0
      with:
        input: /github/workspace/vuln-image.tar
        severity: 'CRITICAL,HIGH'
@@ -145,7 +145,7 @@ jobs:
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'sarif'
@@ -180,7 +180,7 @@ jobs:
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'sarif'
@@ -215,7 +215,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          scan-type: 'fs'
          ignore-unfixed: true
@@ -249,7 +249,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner with rootfs command
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          scan-type: 'rootfs'
          scan-ref: 'rootfs-example-binary'
@@ -284,7 +284,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner in IaC mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          scan-type: 'config'
          hide-progress: true
@@ -328,7 +328,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          scan-type: 'fs'
          format: 'github'
@@ -359,7 +359,7 @@ jobs:
    runs-on: ubuntu-20.04
    steps:
      - name: Scan image in a private registry
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: "private_image_registry/image_name:image_tag"
          scan-type: image
@@ -402,7 +402,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'sarif'
@@ -438,7 +438,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'aws_account_id.dkr.ecr.region.amazonaws.com/imageName:${{ github.sha }}'
          format: 'sarif'
@@ -474,7 +474,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'sarif'
@@ -507,7 +507,7 @@ jobs:
        uses: actions/checkout@v3

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.20.0
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          format: 'sarif'
@@ -530,7 +530,7 @@ This step is especially useful for private repositories without [GitHub Advanced

 ```yaml
 - name: Run Trivy scanner
-  uses: aquasecurity/trivy-action@master
+  uses: aquasecurity/trivy-action@0.20.0
  with:
    scan-type: config
    hide-progress: true
Author	SHA1	Message	Date
Francisco Javier Barón	595be6a0f6	Upgrade trivy to v0.52.0 (#364 )	2024-06-06 17:41:36 -06:00
simar7	841fb371db	chore(docs): Reference the use of a pinned version (#356 )	2024-05-22 18:59:56 -06:00
Vinayak S	fd25fed697	bump trivy version to v0.51.2 (#360 ) * bump trivy version to v0.51.2 * bump trivy version to v0.51.2	2024-05-21 16:33:02 -06:00