diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e8703e7..afd457e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,7 +104,7 @@ jobs: # Trivy Image Scan (SARIF) - name: Trivy scan - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: scan-type: image image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} @@ -157,7 +157,7 @@ jobs: # Trivy scannt das lokale Image (kein GHCR-Pull nötig) - name: Trivy scan (local image) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: scan-type: image image-ref: ${{ env.LOCAL_TAG }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b7f161f..5a308ce 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -128,7 +128,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy FS (SARIF) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 continue-on-error: true with: scan-type: fs @@ -145,7 +145,7 @@ jobs: category: trivy-fs-rebuild - name: Trivy Image (gate) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: image-ref: scan:${{ github.sha }} format: table @@ -229,7 +229,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy Image (SARIF) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: image-ref: scan:${{ github.sha }} format: sarif @@ -238,7 +238,7 @@ jobs: hide-progress: true - name: Trivy Image (enforce severity) - uses: aquasecurity/trivy-action@0.34.0 + uses: aquasecurity/trivy-action@0.34.1 with: image-ref: scan:${{ github.sha }} severity: CRITICAL,HIGH