deps: bump aquasecurity/trivy-action from 0.5.0 to 0.19.0 (#221) · microsoft/retina@3f609c0

Commit

deps: bump aquasecurity/trivy-action from 0.5.0 to 0.19.0 (#221)

Bumps
[aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action)
from 0.5.0 to 0.19.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aquasecurity/trivy-action/releases">aquasecurity/trivy-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>bump trivy version to v0.50.1 by <a
href="https://github.com/simar7"><code>@simar7</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/324">aquasecurity/trivy-action#324</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.18.0...0.19.0">https://github.com/aquasecurity/trivy-action/compare/0.18.0...0.19.0</a></p>
<h2>v0.18.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs(report): improve documentation around <code>Using Trivy to
generate SBOM</code> and sending it to Github by <a
href="https://github.com/Maxim-Durand"><code>@Maxim-Durand</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/307">aquasecurity/trivy-action#307</a></li>
<li>fix: Refer to scan-ref when scan-type is &quot;sbom&quot; by <a
href="https://github.com/cococig"><code>@cococig</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/314">aquasecurity/trivy-action#314</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/Maxim-Durand"><code>@Maxim-Durand</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/307">aquasecurity/trivy-action#307</a></li>
<li><a href="https://github.com/cococig"><code>@cococig</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/314">aquasecurity/trivy-action#314</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.17.0...0.18.0">https://github.com/aquasecurity/trivy-action/compare/0.17.0...0.18.0</a></p>
<h2>v0.17.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: add configuration info for flags not supported by inputs by <a
href="https://github.com/DmitriyLewen"><code>@DmitriyLewen</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/296">aquasecurity/trivy-action#296</a></li>
<li>fix: Fix <code>skip-files</code> and <code>hide-progress</code>
options not being applied when using Sarif report format by <a
href="https://github.com/simao-silva"><code>@simao-silva</code></a> in
<a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/297">aquasecurity/trivy-action#297</a></li>
<li>Upgrades Trivy from 0.48.1 to v0.49.0 by <a
href="https://github.com/kderck"><code>@kderck</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/304">aquasecurity/trivy-action#304</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/simao-silva"><code>@simao-silva</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/297">aquasecurity/trivy-action#297</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.16.1...0.17.0">https://github.com/aquasecurity/trivy-action/compare/0.16.1...0.17.0</a></p>
<h2>v0.16.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update Trivy to 0.48.1 by <a
href="https://github.com/MartiUK"><code>@MartiUK</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/291">aquasecurity/trivy-action#291</a></li>
<li>docs: fix typo in README.md by <a
href="https://github.com/hairmare"><code>@hairmare</code></a> in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/293">aquasecurity/trivy-action#293</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/MartiUK"><code>@MartiUK</code></a> made
their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/291">aquasecurity/trivy-action#291</a></li>
<li><a href="https://github.com/hairmare"><code>@hairmare</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/293">aquasecurity/trivy-action#293</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.16.0...0.16.1">https://github.com/aquasecurity/trivy-action/compare/0.16.0...0.16.1</a></p>
<h2>v0.16.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to trivy version 0.48.0 by <a
href="https://github.com/pragmaticivan"><code>@pragmaticivan</code></a>
in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/289">aquasecurity/trivy-action#289</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/pragmaticivan"><code>@pragmaticivan</code></a>
made their first contribution in <a
href="https://redirect.github.com/aquasecurity/trivy-action/pull/289">aquasecurity/trivy-action#289</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0">https://github.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0</a></p>
<h2>v0.15.0</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/d710430a6722f083d3b36b8339ff66b32f22ee55"><code>d710430</code></a>
bump trivy version to v0.50.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/324">#324</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/062f2592684a31eb3aa050cc61e7ca1451cecd3d"><code>062f259</code></a>
fix: Refer to scan-ref when scan-type is &quot;sbom&quot; (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/314">#314</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/1f6384b6ceecbbc6673526f865b818a2a06b07c9"><code>1f6384b</code></a>
docs(report): improve documentation around <code>Using Trivy to generate
SBOM</code> and...</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/84384bd6e777ef152729993b8145ea352e9dd3ef"><code>84384bd</code></a>
Upgraded Trivy from 0.48.1 to v0.49.0 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/304">#304</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/f3d98514b056d8c71a3552e8328c225bc7f6f353"><code>f3d9851</code></a>
fix: Fix <code>skip-files</code> and <code>hide-progress</code> options
not being applied when usin...</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/0b9d17b6b5fdec04f3d5b5b9c4cd20058c7e4cbf"><code>0b9d17b</code></a>
docs: add configuration info for flags not supported by inputs (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/296">#296</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca"><code>d43c1f1</code></a>
docs: fix typo in README.md (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/293">#293</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/5f1841df8d34621a80bd1c6224be425990b2a8f6"><code>5f1841d</code></a>
Update Trivy to 0.48.1 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/291">#291</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/91713af97dc80187565512baba96e4364e983601"><code>91713af</code></a>
Update to trivy version 0.48.0 (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/289">#289</a>)</li>
<li><a
href="https://github.com/aquasecurity/trivy-action/commit/22d2755f774d925b191a185b74e782a4b0638a41"><code>22d2755</code></a>
feature(config): add terraform variable files (<a
href="https://redirect.github.com/aquasecurity/trivy-action/issues/285">#285</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/aquasecurity/trivy-action/compare/7b7aa264d83dc58691451798b4d117d53d21edfe...d710430a6722f083d3b36b8339ff66b32f22ee55">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aquasecurity/trivy-action&package-manager=github_actions&previous-version=0.5.0&new-version=0.19.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Loading branch information

dependabot[bot] authored Apr 4, 2024

1 parent bc82804 commit 3f609c0

.github/workflows/trivy.yaml

-Original file line number
+Diff line change
@@ Expand Up / @@ -30,7 +30,7 @@ jobs: @@
               echo "TAG=$(make version)" >> $GITHUB_ENV
           - name: Run Trivy vulnerability scanner
-            uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
+            uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
             with:
               image-ref: "ghcr.io/${{ github.repository }}/${{ matrix.image }}:${{ env.TAG }}"
               format: "template"
@@ Expand Down @@

0 comments on commit `3f609c0`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `3f609c0`

Commit

There are no files selected for viewing

0 comments on commit 3f609c0

0 comments on commit `3f609c0`