aquasecurity/trivy-action
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy-action.git synced 2026-05-14 03:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
202 Commits 7 Branches 75 Tags
e368e328979b113139d6f9068e03accaed98a518
Commit Graph

9 Commits

Author SHA1 Message Date
DmitriyLewen e368e32897 ci(test): add zizmor security linter for GitHub Actions (#502) 
* ci: add zizmor security linter for GitHub Actions

* ci: disable advanced-security for zizmor

* ci: pin all actions to commit hashes

* ci: fix zizmor linter errors in workflows

- Add explicit permissions blocks to all workflows
- Set persist-credentials: false for checkout actions
- Fix template injection by using env variables in run blocks

* fix: address zizmor template injection warnings in action.yaml

- Move inputs to env block to prevent template injection
- Add ignore comment for github-env false positive

* ci: fix remaining zizmor linter errors

- Add permissions and persist-credentials to test.yaml
- Fix ignore comment placement for github-env in action.yaml
 2026-02-20 15:24:24 -07:00
Nikita Pivkin 83690f7d38 ci: install trivy in bump-trivy workflow and update tests (#495) 
* ci: install trivy in bump-trivy workflow

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* test: diasble list-all-pkgs and remove ReportID

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* ci: run tests after updating golden files

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

* fix BATS_LIB_PATH setting

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>

---------

Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-12-10 22:30:00 -07:00
Nikita Pivkin 0317097f59 ci: use setup-bats in bump-trivy workflow (#494) 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-12-08 17:02:32 -07:00
Nikita Pivkin a1698702b6 ci: update golden files on Trivy bump 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-08-27 12:33:47 +06:00
Nikita Pivkin 4844d823d3 ci: fix workflow to bump Trivy (#466) 
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
 2025-06-02 21:30:59 -06:00
Teppei Fukuda a20de5420d feat: store artifacts in cache by default (#399) 
* feat: migrate to a composite action

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Fix tests

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* Delete an unused input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: expect status code 0

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* test: not use run

https://bats-core.readthedocs.io/en/stable/writing-tests.html#when-not-to-use-run

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: add 'cache' input

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: pin Trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* fix: bump trivy version

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* feat: use date for cache key

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* chore: delete a comment

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* docs: update README

Signed-off-by: knqyf263 <knqyf263@gmail.com>

* refactor: resolve conflicts and use envs

Signed-off-by: knqyf263 <knqyf263@gmail.com>

---------

Signed-off-by: knqyf263 <knqyf263@gmail.com>
 2024-10-08 14:20:38 -06:00
Oussama Bounaim 89b14e517d Upgrade GitHub actions (#374) 
* Upgrade Github checkout action

* Upgrade Github upload-sarif action

* Upgrade Github checkout action - Pipeline
 2024-10-02 14:41:43 -06:00
simar7 b2cd5ff52c Update bump-trivy.yaml 2024-05-07 18:03:36 -06:00
Nikita Pivkin e602665a11 ci: add workflow to bump trivy (#245) 
* ci: add workflow to bump trivy

* update trivy version in tests

* dispatch event workflow_dispatch

* use ORG_REPO_TOKEN secret
 2023-07-25 15:58:10 -06:00