ci: use the latest version of Trivy for security scans

Automattic · Sep 30, 2024 · a0a5ba5 · a0a5ba5
1 parent 56f48f4
commit a0a5ba5
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
@@ -128,17 +128,17 @@ runs:
         echo "filename=trivy-$(basename "${{ inputs.primaryTag }}" | tr '\\/:' '-').sarif" >> "${GITHUB_OUTPUT}"
 
     - name: Security Scan
-      uses: docker://aquasec/trivy:0.48.3
+      uses: docker://aquasec/trivy:0.55.2
       with:
         args: image --format json --ignore-unfixed --vuln-type os ${{ inputs.primaryTag }} --output trivy.json
 
     - name: Print report
-      uses: docker://aquasec/trivy:0.48.3
+      uses: docker://aquasec/trivy:0.55.2
       with:
         args: convert --format=table trivy.json
 
     - name: Generate SARIF
-      uses: docker://aquasec/trivy:0.48.3
+      uses: docker://aquasec/trivy:0.55.2
       with:
         args: convert --format=sarif --output=${{ steps.filename.outputs.filename }} trivy.json
       if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
@@ -151,7 +151,7 @@ runs:
       continue-on-error: true
 
     - name: Prepare markdown report
-      uses: docker://aquasec/trivy:0.48.3
+      uses: docker://aquasec/trivy:0.55.2
       with:
         args: convert --format=template [email protected]/actions/build-docker-image/markdown.tpl --output=trivy.md trivy.json
       if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name