diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 9c65727..d6ffc26 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -74,7 +74,7 @@ jobs: - name: Run Trivy vulnerability scanner # Third-party action, pin to commit SHA! # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 env: TRIVY_OFFLINE_SCAN: true with: @@ -90,7 +90,7 @@ jobs: - name: Generate cosign vulnerability scan record # Third-party action, pin to commit SHA! # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 env: TRIVY_OFFLINE_SCAN: true with: diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 2ee54a3..4efba6d 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -24,7 +24,7 @@ jobs: - name: Run Trivy vulnerability scanner # Third-party action, pin to commit SHA! # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} @@ -50,7 +50,7 @@ jobs: - name: Generate cosign vulnerability scan record # Third-party action, pin to commit SHA! # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}