AnchorFree · ivan-necheporenko · Mar 20, 2026 · Mar 20, 2026
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -1,96 +1,96 @@
 # Workflow managed by https://github.com/AnchorFree/workflows/
-name: Trivy scan
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    types: [opened, reopened, synchronize]
-  schedule:
-    # 00:00 every 14 days 
-    - cron: 0 0 */14 * *
-
-permissions:
-  contents: read
-
-jobs:
-  trivy-repo-scan:
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    name: Trivy repo scan
-    runs-on: ubuntu-latest
-    env:
-      TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
-      TRIVY_JAVA_DB_REPOSTITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          lfs: true
-          submodules: recursive
-
-      - name: Checkout LFS objects
-        run: git lfs checkout
-
-      - name: Run Trivy vulnerability scanner in repo mode (table)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          scan-type: 'fs'
-          ignore-unfixed: true
-          format: 'table'
-
-      - name: Run Trivy vulnerability scanner in repo mode (sarif)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          scan-type: 'fs'
-          ignore-unfixed: true
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
-
-  trivy-image-scan:
-    permissions:
-      contents: read
-      security-events: write
-      actions: read
-    name: Trivy image scan
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          lfs: true
-          submodules: recursive
-
-      - name: Checkout LFS objects
-        run: git lfs checkout
-
-      - name: Build an image from Dockerfile
-        run: |
-          docker build -t ${{ github.sha }} .
-
-      - name: Run Trivy vulnerability scanner in image mode (table output)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          image-ref: '${{ github.sha }}'
-          ignore-unfixed: true
-          format: 'table'
-
-      - name: Run Trivy vulnerability scanner in image mode (sarif output)
-        uses: aquasecurity/trivy-action@0.24.0
-        with:
-          image-ref: '${{ github.sha }}'
-          ignore-unfixed: true
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
+name: Trivy scan
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    types: [opened, reopened, synchronize]
+  schedule:
+    # 00:00 every 14 days
+    - cron: 0 0 */14 * *
+
+permissions:
+  contents: read
+
+jobs:
+  trivy-repo-scan:
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    name: Trivy repo scan
+    runs-on: ubuntu-latest
+    env:
+      TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+      TRIVY_JAVA_DB_REPOSTITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          lfs: true
+          submodules: recursive
+
+      - name: Checkout LFS objects
+        run: git lfs checkout
+
+      - name: Run Trivy vulnerability scanner in repo mode (table)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'table'
+
+      - name: Run Trivy vulnerability scanner in repo mode (sarif)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  trivy-image-scan:
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
+    name: Trivy image scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v6
+        with:
+          lfs: true
+          submodules: recursive
+
+      - name: Checkout LFS objects
+        run: git lfs checkout
+
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t ${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner in image mode (table output)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        with:
+          image-ref: '${{ github.sha }}'
+          ignore-unfixed: true
+          format: 'table'
+
+      - name: Run Trivy vulnerability scanner in image mode (sarif output)
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        with:
+          image-ref: '${{ github.sha }}'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        with:
+          sarif_file: 'trivy-results.sarif'