build(deps): Bump github.com/spiffe/spire-api-sdk from 1.9.4 to 1.10.1 #1256

	name: trivy

	on:
	pull_request:
	branches: [ "main" ]

	permissions:
	contents: read

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results

	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4
	with:
	egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs

	- name: Checkout code
	uses: actions/checkout@d0651293c4a5a52e711f25b41b05b2212f385d28

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55
	with:
	scan-type: 'fs'
	scan-ref: '.'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'trivy-results.sarif'
	severity: 'MEDIUM,CRITICAL,HIGH'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@74e8f231851deb9b54c3e408f88638dd39727868
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback