build(deps): Bump github.com/docker/docker from 24.0.7+incompatible to 24.0.9+incompatible #1163

	name: trivy

	on:
	pull_request:
	branches: [ "main" ]

	permissions:
	contents: read

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

	- name: Checkout code
	uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601
	with:
	scan-type: 'fs'
	scan-ref: '.'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'trivy-results.sarif'
	severity: 'MEDIUM,CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@74e8f231851deb9b54c3e408f88638dd39727868
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback