ed142fd067
chore: update action version to v0.36.0 in examples ( #563 )
2026-04-22 15:20:48 +06:00
dea62cf79a
chore(deps): Update trivy to v0.70.0 ( #559 )
...
Co-authored-by: GitHub Actions <actions@github.com >
2026-04-22 12:55:59 +06:00
876cf04c63
Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 ( #548 )
2026-04-17 11:19:56 +06:00
dada78485d
Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name ( #547 )
2026-04-17 10:50:30 +06:00
57a97c7e78
chore(deps): Update trivy to v0.69.3 ( #519 )
...
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com >
2026-03-04 13:13:53 +06:00
97e0b3872f
chore: bump Trivy version to v0.69.2 in test workflow and README ( #515 )
2026-03-02 09:22:29 +06:00
16154502ca
update trivyignores input description
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 13:20:10 +06:00
6476b939ea
feat: support for YAML ignore file
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-20 19:06:31 +06:00
c1824fd6ed
chore(deps): Update trivy to v0.69.1 ( #506 )
...
Co-authored-by: simar7 <simar7@users.noreply.github.com >
2026-02-12 12:51:05 -07:00
0024b3f39e
chore(deps): Update trivy to v0.68.1
2025-12-11 05:31:14 +00:00
df65449f48
chore: update README ( #493 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-12-08 17:02:57 -07:00
7c0244b8c6
chore(deps): Update trivy to v0.65.0
2025-08-22 21:30:51 +00:00
77137e9dc3
doc/correct-sbom-fs-scan ( #458 )
2025-07-07 12:48:46 -06:00
e7fbf034e4
Update dependencies in README ( #378 )
...
* chore: update dependencies in README
* chore: update the actions/checkout version in documentation
* chore: bump upload-sarif dependency from readme
* docs: bump actions/checkout to v4
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
---------
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-07-07 12:46:41 -06:00
dc5a429b52
chore(deps): Update trivy to v0.64.1 ( #474 )
...
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com >
2025-07-04 00:18:35 -06:00
76071ef0d7
chore(deps): Update trivy to v0.63.0 ( #467 )
...
* chore(deps): Update trivy to v0.63.0
* update test data
---------
Co-authored-by: simar7 <simar7@users.noreply.github.com >
Co-authored-by: Simar <simar@linux.com >
2025-06-03 13:38:46 +06:00
26d71e622b
refactor: use ubuntu 24.04 ( #465 )
2025-05-16 11:37:50 +06:00
b3dafe507f
Bump Trivy version to fix GitHub actions ( #460 )
2025-05-12 14:16:37 -06:00
7aca5acc95
fix: Trivy action inputs leaking between invocations ( #422 ) ( #454 )
...
* fix: use trivy_envs.txt for envs
* test: add test step
* refactor
* refactor
* test
* refactor: use `export` in trivy_envs.txt
* test
* test metadata.json
* test metadata.json
* Clean up envs file better (#422 )
- Explicitly rm -f it at start and end of action
- Also remove temporary test steps from action
* Add BATS test for usage of trivy_envs.txt file (#422 )
* Add optional step triggered only when Actions Debug logging
Dump the generated environment variables file only when tests are run
with actions debug logging
* Fix to always set env vars into file (#422 )
This is done as long as they have a non-empty input value, or a
non-empty default value.
* Clean up env overwriting
- Remove unnecessary debug statements in the action used during testing
- Additional explanatory comments
- Fix to address case where caller explicitly injects environment
variables, either via env: block on the action call or via GITHUB_ENV
* Further refine env var setting logic (#422 )
Noted in documenting this fix that what had been implemented deviated
from the existing configuration priority documentation. Amended the
implementation of the Action to try and restore that consistency.
* Fix shell syntax error (#422 )
---------
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io >
2025-04-04 23:59:10 -06:00
ea27ac12e1
docs: add info that unix:/ prefix is required ( #455 )
2025-04-01 21:44:53 -06:00
6c175e9c40
chore: bump trivy to v0.60.0 ( #453 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-03-13 20:58:00 -06:00
53e8848d3e
Improve README/SBOM ( #439 )
...
* Improve README/SBOM
* Use logical workflow name
* Use modern ubuntu version
* Update README.md
2025-03-12 16:11:45 -06:00
a11da62073
fix: Update default trivy version in README ( #444 )
...
As part of PR #434 the default trivy version got bumped
but the readme didn't reflect it.
2025-01-07 16:37:47 -07:00
18f2510ee3
chore(deps): Bump trivy to v0.57.1 ( #434 )
...
* chore(deps): Bump trivy to v0.57.1
* update tests
* use mirrors from mirror.gcr.io
* update workflow for tests
* Revert "use mirrors from mirror.gcr.io"
This reverts commit 529a941eed
2024-11-19 17:11:53 -07:00
93941cebba
docs: remove ignore-unfixed from IaC scan example ( #429 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2024-11-18 16:54:58 -07:00
d2a392a137
fix: bump setup-trivy and add new contrib directory path info ( #424 )
...
* chore(deps): use fork for setup-trivy
* docs: add info about templates
* refactor: use `setup-trivy` v0.2.2
* docs: remove `./` prefix
* Merge branch 'main' into 'fix/contrib-dir'
* docs: fix link
* docs: fix typo
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
---------
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
2024-10-25 00:45:28 -06:00
ee8934673c
feat: add token for setup-trivy ( #421 )
...
* feat: add `token-setup-trivy` input.
* docs: add info about `token-setup-trivy`
* fix: use correct commit
* refactor: use `default: ${{ github.token }}` for `token-setup-trivy`
* refactor: use `setup-trivy` v0.2.2
2024-10-24 23:32:23 -06:00
cf990b19d8
Update README.md ( #420 )
2024-10-21 22:43:57 -06:00
bff40be51b
docs: Fix oras command not found ( #413 )
2024-10-21 22:43:42 -06:00
fc1500abdc
feat: Allow skipping setup ( #414 )
...
If a user is invoking the action multiple times then the trivy binary
gets installed multiple times. Users can avoid this by managing the
installation themselves and setting the skip-setup input to true, or by
letting the action install in on their first invocation and then setting
skip-setup to true on subsequent invocations
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
2024-10-15 19:57:47 -06:00
5681af892c
fix: set envs only when passed ( #405 )
...
* fix: set envs when passed
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* use inputs.<input_id>.default
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Revert "use inputs.<input_id>.default"
This reverts commit 1a12292eacknqyf263@gmail.com >
2024-10-10 22:48:38 -06:00
807896715e
chore: update description for scanners and format inputs ( #407 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2024-10-09 15:37:31 -06:00
a20de5420d
feat: store artifacts in cache by default ( #399 )
...
* feat: migrate to a composite action
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Fix tests
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* Delete an unused input
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* test: expect status code 0
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* test: not use run
https://bats-core.readthedocs.io/en/stable/writing-tests.html#when-not-to-use-run
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: add 'cache' input
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* docs: update README
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: pin Trivy version
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* fix: bump trivy version
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* feat: use date for cache key
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* chore: delete a comment
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* docs: update README
Signed-off-by: knqyf263 <knqyf263@gmail.com >
* refactor: resolve conflicts and use envs
Signed-off-by: knqyf263 <knqyf263@gmail.com >
---------
Signed-off-by: knqyf263 <knqyf263@gmail.com >
2024-10-08 14:20:38 -06:00
1b8b83dcc2
docs: add usage info about action/cache for trivy databases ( #397 )
...
* docs: add info about using `action/cache` for `trivy-db`
* docs: add info about trivy-java-db and trivy-checks
2024-10-07 22:05:39 -06:00
89b14e517d
Upgrade GitHub actions ( #374 )
...
* Upgrade Github checkout action
* Upgrade Github upload-sarif action
* Upgrade Github checkout action - Pipeline
2024-10-02 14:41:43 -06:00
841fb371db
chore(docs): Reference the use of a pinned version ( #356 )
2024-05-22 18:59:56 -06:00
207cd40078
Fix docker host bug ( #329 )
...
* Update entrypoint.sh
should be a value not boolean
* Update action.yaml
add example
* Update README.md
2024-04-04 22:59:05 -06:00
840deb4908
Browse scan reports without GitHub Advanced Security license ( #328 )
2024-04-04 22:58:29 -06:00
f72b7e8127
Make 'hide-progress' input working again ( #323 )
...
* Make hide-progress input working again
* Unify 'hide-progress' default value
2024-03-28 19:06:30 -06:00
1f6384b6ce
docs(report): improve documentation around Using Trivy to generate SBOM and sending it to Github ( #307 )
...
* Improved documentation with details on how to send output as an artifact on Github and giving an example of a private image scan
* formatting
* better name for job
2024-02-13 15:20:36 -07:00
0b9d17b6b5
docs: add configuration info for flags not supported by inputs ( #296 )
...
* docs: add information about configuration flags not supported by inputs
* docs: add env and config file to Customizing
2024-01-11 15:13:21 -07:00
d43c1f16c0
docs: fix typo in README.md ( #293 )
...
Signed-off-by: Lucas Bickel <hairmare@purplehaze.ch >
2024-01-02 17:53:48 -07:00
22d2755f77
feature(config): add terraform variable files ( #285 )
...
* Action now takes an input for terraform variable filess
* added tf-vars
* updated README.md
* Updated yamlconfig test to latest version of trivy output for that container
* updated for correct cpu type
* test trivy version change to 0.45.0
* run scan with correct parameters
* Added test for terraform tfvars
* Updated output for other tests
* use test data as path and updated tf vars to be relative
* removed quiet
2023-12-04 16:27:47 -07:00
463f27e2d8
Update README.md to change the example to the new default brach name main from master.
...
Update README.md to change the example to the new default branch name "main" from "master".
I hope this will make the action slightly easier to work with for newer members of the community.
2023-05-12 10:45:16 +01:00
1a09192c0e
docs: improve SBOM documentation ( #208 )
...
* fix: dependency graph name ocurrences
* feat: improve readability and add useful links
* feat: improve readability and instructions
Improves readability and adds missing information about github_token, another authentication method.
* feat: add github_token instructions
* feat: add github_token to inputs table
* feat: add "what is an SBOM" link
* fix: GitHub dependency graph name ocurrence
* feat: improve SBOM input description
* fix: remove "on pull request" trigger
Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com >
* fix: outdated input name
---------
Co-authored-by: Duncan Casteleyn <10881109+DuncanCasteleyn@users.noreply.github.com >
2023-03-28 17:48:04 -07:00
1f0aa582c8
Rename security-checks to scanners ( #211 )
...
* Renaming securityChecks to runners
* Renaming securityChecks to runners
* Renaming securityChecks to runners
* Correcting README
2023-03-06 21:00:01 -08:00
ab15891596
Update README.md ( #186 )
...
Fix typo
2023-02-01 16:23:59 -08:00
cacfd7a243
docs: add trivy-config to table ( #195 )
2023-02-01 16:19:16 -08:00
1e0bef4613
fix(sarif): Add option to limit severities for sarif (aquasecurity#192) ( #198 )
2023-02-01 16:18:31 -08:00
12814ff8bc
docs: correct format and add output on config scan with sarif ( #159 )
2022-08-15 11:09:42 -07:00
Nikita Pivkin
Argon-DevOps-Mgt
Aditya Singh Tomar
Patrik Csak
Aqua Security automated builds
DmitriyLewen
simar7
YuXuan Tay
Akshay Iyyadurai Balasundaram
simar7
Maxim Masiutin
Rob Vesse
Alex B
Mario Apra
Daisuke Sato
Rob Vesse
Teppei Fukuda
Oussama Bounaim
Lukas Gravley
uridium
uridium
Maxime Durand
Lucas Bickel
Kyle Davies
John Smith
Guilherme Marz Vazzolla
Viktor Sadovnikov
Michael Cantú
Omar Silva
AndreyLevchenko
Engin Diri