diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
index 59b2f8df..6925cf78 100644
--- a/.github/actions/build-docker-image/action.yml
+++ b/.github/actions/build-docker-image/action.yml
@@ -96,17 +96,17 @@ runs:
 echo "filename=trivy-$(basename "${{ inputs.primaryTag }}" | tr '\\/:' '-').sarif" >> "${GITHUB_OUTPUT}"

 - name: Security Scan
- uses: docker://aquasec/trivy:0.46.1
+ uses: docker://aquasec/trivy:0.47.0
 with:
 args: image --format json --ignore-unfixed ${{ inputs.primaryTag }} --output trivy.json

 - name: Print report
- uses: docker://aquasec/trivy:0.46.1
+ uses: docker://aquasec/trivy:0.47.0
 with:
 args: convert --format=table trivy.json

 - name: Generate SARIF
- uses: docker://aquasec/trivy:0.46.1
+ uses: docker://aquasec/trivy:0.47.0
 with:
 args: convert --format=sarif --output=${{ steps.filename.outputs.filename }} trivy.json
 if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
@@ -119,7 +119,7 @@ runs:
 continue-on-error: true

 - name: Prepare markdown report
- uses: docker://aquasec/trivy:0.46.1
+ uses: docker://aquasec/trivy:0.47.0
 with:
 args: convert --format=template --template=@.github/actions/build-docker-image/markdown.tpl --output=trivy.md trivy.json
 if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
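Review bot: The four bumped `uses: docker://aquasec/trivy:0.47.0` lines (Security Scan, Print report and Generate SARIF in the first hunk, Prepare markdown report in the second) still reference the scanner image by a mutable tag, so the image that runs in CI can change without any commit to this file. Pinning each reference by digest would tie the bump to one reviewed image, e.g. `uses: docker://aquasec/trivy:0.47.0@sha256:<digest-of-0.47.0-image>`, with the digest taken from a pull you have verified. Since the same version string is repeated in four steps, a comment above the first one such as `# all trivy steps in this action must use the same image version` would help keep a later bump from updating only some of them. The `runs:` step list starts and ends outside both hunks, so any other references to the image are not visible here.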