diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 47a79cc..e8703e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,7 +104,7 @@ jobs: # Trivy Image Scan (SARIF) - name: Trivy scan - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: scan-type: image image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }} @@ -157,7 +157,7 @@ jobs: # Trivy scannt das lokale Image (kein GHCR-Pull nötig) - name: Trivy scan (local image) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: scan-type: image image-ref: ${{ env.LOCAL_TAG }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 88fab17..b7f161f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -128,7 +128,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy FS (SARIF) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 continue-on-error: true with: scan-type: fs @@ -145,7 +145,7 @@ jobs: category: trivy-fs-rebuild - name: Trivy Image (gate) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: image-ref: scan:${{ github.sha }} format: table @@ -229,7 +229,7 @@ jobs: cache-to: type=gha,mode=max - name: Trivy Image (SARIF) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: image-ref: scan:${{ github.sha }} format: sarif @@ -238,7 +238,7 @@ jobs: hide-progress: true - name: Trivy Image (enforce severity) - uses: aquasecurity/trivy-action@0.33.1 + uses: aquasecurity/trivy-action@0.34.0 with: image-ref: scan:${{ github.sha }} severity: CRITICAL,HIGH