Commit Graph

221 Commits

Author SHA1 Message Date
Patrik Csak dada78485d Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547) 2026-04-17 10:50:30 +06:00
Yamada Hayao 4a2deec910 fix: use portable shebang in entrypoint.sh (#545) 2026-04-17 10:19:18 +06:00
dependabot[bot] 1994662b55 chore(deps): bump the actions group with 5 updates (#558)
* chore(deps): bump the actions group with 5 updates

Bumps the actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) | `e6c2c5e321ed9123bda567646e2f96565e34abe1` | `3fb12ec12f41e471780db15c232d5dd185dcb514` |
| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `5.0.4` |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |
| [bats-core/bats-action](https://github.com/bats-core/bats-action) | `3.0.1` | `4.0.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.2` |


Updates `aquasecurity/setup-trivy` from e6c2c5e321ed9123bda567646e2f96565e34abe1 to 3fb12ec12f41e471780db15c232d5dd185dcb514
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases)
- [Commits](https://github.com/aquasecurity/setup-trivy/compare/e6c2c5e321ed9123bda567646e2f96565e34abe1...3fb12ec12f41e471780db15c232d5dd185dcb514)

Updates `actions/cache` from 4.2.4 to 5.0.4
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...27d5ce7f107fe9357f9df03efb73ab90386fccae)

Updates `actions/checkout` from 4.3.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd)

Updates `bats-core/bats-action` from 3.0.1 to 4.0.0
- [Release notes](https://github.com/bats-core/bats-action/releases)
- [Commits](https://github.com/bats-core/bats-action/compare/42fcc8700f773c075a16a90eb11674c0318ad507...77d6fb60505b4d0d1d73e48bd035b55074bbfb43)

Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](https://github.com/zizmorcore/zizmor-action/compare/0dce2577a4760a2749d8cfb7a84b7d5585ebcb7d...b1d7e1fb5de872772f31590499237e7cce841e8e)

---
updated-dependencies:
- dependency-name: aquasecurity/setup-trivy
  dependency-version: 3fb12ec12f41e471780db15c232d5dd185dcb514
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 5.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: bats-core/bats-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* style: change setup-trivy version in comment

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2026-04-15 15:22:02 +06:00
Nikita Pivkin 6b36659d99 chore: add zizmor config (#557) 2026-04-15 14:40:40 +06:00
Nikita Pivkin 316aa5aebe ci: add dependabot config (#556) 2026-04-15 14:40:22 +06:00
Nikita Pivkin 264c9c5e18 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555) 2026-04-13 14:53:11 +06:00
Nikita Pivkin aeb13962e8 ci: replace peter-evans/create-pull-request with gh CLI (#550)
* ci: replace peter-evans/create-pull-request with gh CLI

* chore: use ID+USERNAME pattern for GH actions bot

* chore: add specific files to git index

* chore: merge check outputs into create PR step
2026-04-13 13:49:15 +06:00
Nikita Pivkin f685ba7215 ci: use action.yaml as single source of truth for Trivy version (#552)
* ci: use action.yaml as single source of truth for Trivy version

* dev: add yq check and configurable Trivy install directory
2026-04-10 17:29:15 +06:00
DmitriyLewen 34f2b232c5 chore(ci): update bump-trivy workflow (#546) 2026-04-10 14:17:09 +06:00
Aqua Security automated builds 57a97c7e78 chore(deps): Update trivy to v0.69.3 (#519)
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com>
0.35.0 v0.35.0
2026-03-04 13:13:53 +06:00
DmitriyLewen 97e0b3872f chore: bump Trivy version to v0.69.2 in test workflow and README (#515) 2026-03-02 09:22:29 +06:00
Nicholas Jackson 4c61e6329b chore: bump default Trivy version to v0.69.2 (#513) 2026-03-02 08:54:24 +06:00
Nikita Pivkin 1bd062560b Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
feat: add YAML support for trivyignores
2026-02-25 17:27:51 +06:00
Nikita Pivkin bce3086c4a remove unused init-cache target
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-25 15:17:00 +06:00
Nikita Pivkin 5a9fbb1236 suppress progress bar when downloading db
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-25 15:15:54 +06:00
Nikita Pivkin 16154502ca update trivyignores input description
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-25 13:20:10 +06:00
Nikita Pivkin df85774a45 add comment about fd3
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-25 13:06:11 +06:00
Nikita Pivkin 56c8daebb9 remove unused variable
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-25 12:50:43 +06:00
DmitriyLewen e368e32897 ci(test): add zizmor security linter for GitHub Actions (#502)
* ci: add zizmor security linter for GitHub Actions

* ci: disable advanced-security for zizmor

* ci: pin all actions to commit hashes

* ci: fix zizmor linter errors in workflows

- Add explicit permissions blocks to all workflows
- Set persist-credentials: false for checkout actions
- Fix template injection by using env variables in run blocks

* fix: address zizmor template injection warnings in action.yaml

- Move inputs to env block to prevent template injection
- Add ignore comment for github-env false positive

* ci: fix remaining zizmor linter errors

- Add permissions and persist-credentials to test.yaml
- Fix ignore comment placement for github-env in action.yaml
2026-02-20 15:24:24 -07:00
Nikita Pivkin 6476b939ea feat: support for YAML ignore file
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-20 19:06:31 +06:00
Aqua Security automated builds c1824fd6ed chore(deps): Update trivy to v0.69.1 (#506)
Co-authored-by: simar7 <simar7@users.noreply.github.com>
v0.34.0
2026-02-12 12:51:05 -07:00
DmitriyLewen bc61dc5570 Merge commit from fork 2026-02-12 12:41:16 -07:00
Nikita Pivkin 5eb7ef2605 ci: use checks bundle v2 in sync workflow (#505)
* ci: use checks bundle v2 in sync workflow

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* test: update golden files

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2026-02-12 12:37:57 -07:00
Nikita Pivkin 22438a4357 Merge pull request #496 from aquasecurity/bump-trivy-1765431074 2025-12-11 14:34:44 +06:00
simar7 0024b3f39e chore(deps): Update trivy to v0.68.1 2025-12-11 05:31:14 +00:00
Nikita Pivkin 83690f7d38 ci: install trivy in bump-trivy workflow and update tests (#495)
* ci: install trivy in bump-trivy workflow

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* test: disable list-all-pkgs and remove ReportID

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* ci: run tests after updating golden files

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* fix BATS_LIB_PATH setting

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-12-10 22:30:00 -07:00
Nikita Pivkin df65449f48 chore: update README (#493)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-12-08 17:02:57 -07:00
Nikita Pivkin 0317097f59 ci: use setup-bats in bump-trivy workflow (#494)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-12-08 17:02:32 -07:00
Martin Costello b6643a29fe Update setup-trivy action to version v0.2.4 (#486) v0.33.1 2025-08-29 14:43:29 +06:00
Nikita Pivkin f9424c10c3 Merge pull request #481 from aquasecurity/bump-trivy-1755898251 v0.33.0 2025-08-27 13:19:48 +06:00
Nikita Pivkin 85abccb4a4 dev: delete fanal.db before tests
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-08-27 13:05:59 +06:00
Nikita Pivkin a1698702b6 ci: update golden files on Trivy bump
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-08-27 12:33:47 +06:00
Nikita Pivkin 71f6a8fb8b dev: add update-golden goal
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-08-27 12:20:05 +06:00
Nikita Pivkin bf330b1153 test: update golden files
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-08-27 12:19:06 +06:00
Nikita Pivkin 644762e8d4 Merge pull request #482 from aquasecurity/fix-gh-actions 2025-08-27 11:56:15 +06:00
Simar f2e28516ef chore(ci): Add oras to correctly setup sync jobs 2025-08-26 19:17:21 -06:00
Simar 636fd3c4eb fix: update tests 2025-08-26 19:12:07 -06:00
simar7 7c0244b8c6 chore(deps): Update trivy to v0.65.0 2025-08-22 21:30:51 +00:00
Martin Costello c26e17b164 Pin actions/cache by SHA (#480)
Resolves #479.
2025-08-22 15:29:59 -06:00
YuXuan Tay 77137e9dc3 doc/correct-sbom-fs-scan (#458) 2025-07-07 12:48:46 -06:00
Akshay Iyyadurai Balasundaram e7fbf034e4 Update dependencies in README (#378)
* chore: update dependencies in README

* chore: update the actions/checkout version in documentation

* chore: bump upload-sarif dependency from readme

* docs: bump actions/checkout to v4

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-07-07 12:46:41 -06:00
Aqua Security automated builds dc5a429b52 chore(deps): Update trivy to v0.64.1 (#474)
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com>
v0.32.0
2025-07-04 00:18:35 -06:00
Aqua Security automated builds 76071ef0d7 chore(deps): Update trivy to v0.63.0 (#467)
* chore(deps): Update trivy to v0.63.0

* update test data

---------

Co-authored-by: simar7 <simar7@users.noreply.github.com>
Co-authored-by: Simar <simar@linux.com>
v0.31.0
2025-06-03 13:38:46 +06:00
Nikita Pivkin 4844d823d3 ci: fix workflow to bump Trivy (#466)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-06-02 21:30:59 -06:00
simar7 26d71e622b refactor: use ubuntu 24.04 (#465) 2025-05-16 11:37:50 +06:00
Maxim Masiutin b3dafe507f Bump Trivy version to fix GitHub actions (#460) 2025-05-12 14:16:37 -06:00
Lari Hotari 99baf0d8b4 Pin aquasecurity/setup-trivy to hash instead of tag (#456)
* Pin aquasecurity/setup-trivy to hash instead of tag

Fixes #423

* Address review comment

* Revisit previous change based on feedback
2025-04-08 20:50:36 -06:00
Rob Vesse 7aca5acc95 fix: Trivy action inputs leaking between invocations (#422) (#454)
* fix: use trivy_envs.txt for envs

* test: add test step

* refactor

* refactor

* test

* refactor: use `export` in trivy_envs.txt

* test

* test metadata.json

* test metadata.json

* Clean up envs file better (#422)

- Explicitly rm -f it at start and end of action
- Also remove temporary test steps from action

* Add BATS test for usage of trivy_envs.txt file (#422)

* Add optional step triggered only when Actions Debug logging

Dump the generated environment variables file only when tests are run
with actions debug logging

* Fix to always set env vars into file (#422)

This is done as long as they have a non-empty input value, or a
non-empty default value.

* Clean up env overwriting

- Remove unnecessary debug statements in the action used during testing
- Additional explanatory comments
- Fix to address case where caller explicitly injects environment
  variables, either via env: block on the action call or via GITHUB_ENV

* Further refine env var setting logic (#422)

Noted in documenting this fix that what had been implemented deviated
from the existing configuration priority documentation.  Amended the
implementation of the Action to try and restore that consistency.

* Fix shell syntax error (#422)

---------

Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
2025-04-04 23:59:10 -06:00
DmitriyLewen ea27ac12e1 docs: add info that unix:/ prefix is required (#455) 2025-04-01 21:44:53 -06:00
Nikita Pivkin 6c175e9c40 chore: bump trivy to v0.60.0 (#453)
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
v0.30.0
2025-03-13 20:58:00 -06:00