diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 866e2654..426a0458 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -35,7 +35,7 @@ jobs: - name: Generate cosign vulnerability scan record # Third-party action, pin to commit SHA! # See https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 with: image-ref: "${{ env.IMAGE_NAME }}:${{ github.sha }}" format: "cosign-vuln" diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index e5e4ea08..71cf8386 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -143,7 +143,7 @@ jobs: uses: digitalservicebund/github-actions-linter@dccac3ada437947aada4bc901daff08ceb87c3f1 # v0.1.11 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 3dbea9e2..0cb267e6 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -19,7 +19,7 @@ jobs: uses: digitalservicebund/github-actions-linter@dccac3ada437947aada4bc901daff08ceb87c3f1 # v0.1.11 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0 env: TRIVY_USERNAME: ${{ github.actor }} TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}