Skip to content

build(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.35.0 in /.github/workflows in the github_actions group across 1 directory #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dependabot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.35.0 in /.github/workflows in the github_actions group across 1 directory #33

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/mcp-docker-build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ jobs:
fi

- name: Run Trivy vulnerability scanner (diagnostic output)
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: 'cyberchef-mcp:latest'
format: 'table'
Expand All @@ -103,7 +103,7 @@ jobs:
exit-code: '0' # Don't fail - this is diagnostic only

- name: Run Trivy vulnerability scanner (SARIF for code scanning)
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: 'cyberchef-mcp:latest'
format: 'sarif'
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/mcp-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,7 +139,7 @@ jobs:
# - Compliance documentation (SOC 2, ISO 27001, NIST SSDF)
# - Manual verification and archival
- name: Generate SBOM with Trivy (CycloneDX artifact)
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: '${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_IMAGE_NAME }}:latest'
format: 'cyclonedx'
Expand All @@ -148,7 +148,7 @@ jobs:

# Security: Run vulnerability scan on release image (scanning Docker Hub image)
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: '${{ env.DOCKERHUB_REGISTRY }}/${{ env.DOCKERHUB_IMAGE_NAME }}:latest'
format: 'sarif'
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/security-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ jobs:
fi

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: 'cyberchef-mcp:scan'
format: 'sarif'
Expand All @@ -110,7 +110,7 @@ jobs:
category: 'trivy-container-scan'

- name: Run Trivy in table format for logs
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
if: github.event_name == 'pull_request'
with:
image-ref: 'cyberchef-mcp:scan'
Expand Down Expand Up @@ -157,7 +157,7 @@ jobs:
fi

- name: Run Trivy filesystem scan
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
scan-type: 'fs'
scan-ref: '.'
Expand Down Expand Up @@ -208,7 +208,7 @@ jobs:
load: true

- name: Generate SBOM with Trivy
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: 'cyberchef-mcp:sbom'
format: 'cyclonedx'
Expand Down
Loading