From 49dcbffab9a40a2b40edb0bc77dfc2254db0b485 Mon Sep 17 00:00:00 2001
From: Aaron Steinfeld <aaron@traceable.ai>
Date: Fri, 29 Aug 2025 12:44:22 -0400
Subject: [PATCH 1/2] ci: pin trivy

---
 trivy-fs-scan/action.yaml   | 2 +-
 trivy-image-scan/action.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/trivy-fs-scan/action.yaml b/trivy-fs-scan/action.yaml
index 525b3ff..fb4c7f1 100644
--- a/trivy-fs-scan/action.yaml
+++ b/trivy-fs-scan/action.yaml
@@ -73,7 +73,7 @@ runs:
         touch .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         scan-type: 'fs'
         scan-ref: ${{ inputs.scan-ref }}
diff --git a/trivy-image-scan/action.yml b/trivy-image-scan/action.yml
index 3a72dcb..9c8563b 100644
--- a/trivy-image-scan/action.yml
+++ b/trivy-image-scan/action.yml
@@ -86,7 +86,7 @@ runs:
         cat $GITHUB_ACTION_PATH/.trivyignore >> .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}
@@ -104,7 +104,7 @@ runs:
 
     - name: Rerun Trivy vulnerability scanner with logging
       if: failure() && inputs.output-mode != 'log'
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}

From 7b801698b65ebfd584a965e293089b765b7a734d Mon Sep 17 00:00:00 2001
From: Aaron Steinfeld <aaron@traceable.ai>
Date: Fri, 29 Aug 2025 12:45:14 -0400
Subject: [PATCH 2/2] ci: remove codeowners

---
 .github/CODEOWNERS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index f8c9490..5d7e714 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,5 +1,5 @@
 # Each line is a file pattern followed by one or more owners.
 
 # global
-* @jbahire @aaron-steinfeld @kotharironak @ravisingal @tim-mwangi
+* @aaron-steinfeld @ravisingal @tim-mwangi