From 6e5784ed17f36c59a2f7ef2fd761dc8db5fadeb1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 21 Oct 2024 21:09:59 +0000
Subject: [PATCH] github-actions(deps): bump anchore/scan-action in
 /security-actions/sca

Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 4.1.2 to 5.1.0.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anchore/scan-action/compare/v4.1.2...v5.1.0)

---
updated-dependencies:
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 security-actions/sca/action.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/security-actions/sca/action.yml b/security-actions/sca/action.yml
index 9065107a..8cadb05d 100644
--- a/security-actions/sca/action.yml
+++ b/security-actions/sca/action.yml
@@ -127,7 +127,7 @@ runs:
         fail: true
 
     - name: Download Grype
-      uses: anchore/scan-action/download-grype@v4.1.2
+      uses: anchore/scan-action/download-grype@v5.1.0
 
     # Skip Cache Restoration: If skip_grype_db_cache is true, skip the restoration of the cache.
     # Check for any existing cache to reuse
@@ -203,7 +203,7 @@ runs:
 
     # Don't fail during report generation
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v4.1.2
+      uses: anchore/scan-action@v5.1.0
       id: grype_analysis_sarif
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} # Run only if DB is available on the runner }}
       with:
@@ -216,7 +216,7 @@ runs:
     # Don't fail during report generation
     # JSON format will report  any ignored rules
     - name: Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v4.1.2
+      uses: anchore/scan-action@v5.1.0
       id: grype_analysis_json
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }} # Run only if DB is available on the runner}}
       with:
@@ -268,7 +268,7 @@ runs:
     # Notify grype quick scan results in table format
     # Table format will supress any specified ignore rules
     - name: Inspect Vulnerability analysis of SBOM
-      uses: anchore/scan-action@v4.1.2
+      uses: anchore/scan-action@v5.1.0
       if: ${{ steps.sbom_report.outputs.files_exists == 'true' && steps.grype_db_check_updates.outputs.GRYPE_DB_UPDATE_STATUS == 0 }}
       with:
         sbom: ${{ steps.meta.outputs.sbom_spdx_file }}