chore(ci): bump aquasecurity/trivy-action from 0.11.0 to 0.11.2 (#45)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.11.0 to 0.11.2. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.11.0...0.11.2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
radiorabe · Jun 12, 2023 · b50dc54 · b50dc54
1 parent 957309f
commit b50dc54
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/.github/workflows/release-container.yaml b/.github/workflows/release-container.yaml
@@ -123,7 +123,7 @@ jobs:
           DOCKER_CONTENT_TRUST: 1
 
       - name: Run Trivy vulnerability scanner (sarif)
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.11.2
         with:
           image-ref: '${{ inputs.image }}:${{ steps.meta.outputs.version }}'
           format: 'sarif'
@@ -169,7 +169,7 @@ jobs:
       # see https://github.com/aquasecurity/trivy/issues/3243 for why we run it twice
       # we create a vuln.jsn if we also plan on uploading it as attestation
       - name: Run Trivy vulnerability scanner (cosign-vuln)
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.11.2
         if: github.event_name != 'pull_request' && startsWith(github.event.ref, 'refs/tags/v')
         with:
           image-ref: '${{ inputs.image }}:${{ steps.meta.outputs.version }}'

diff --git a/.github/workflows/schedule-trivy.yaml b/.github/workflows/schedule-trivy.yaml
@@ -35,7 +35,7 @@ jobs:
         uses: sigstore/cosign-installer@v3.0.5
 
       - name: Run Trivy vulnerability scanner (sarif)
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.11.2
         with:
           image-ref: ${{ inputs.image-ref }}
           timeout: ${{ inputs.timeout }}
@@ -53,7 +53,7 @@ jobs:
       # see https://github.com/aquasecurity/trivy/issues/3243 for why we run it twice
       # we create a vuln.jsn if we also plan on uploading it as attestation
       - name: Run Trivy vulnerability scanner (cosign-vuln)
-        uses: aquasecurity/trivy-action@0.11.0
+        uses: aquasecurity/trivy-action@0.11.2
         with:
           image-ref: 'ghcr.io/radiorabe/ubi9-minimal:${{ steps.meta.outputs.version }}'
           format: 'cosign-vuln'