f685ba7215
ci: use action.yaml as single source of truth for Trivy version ( #552 )
...
* ci: use action.yaml as single source of truth for Trivy version
* dev: add yq check and configurable Trivy install directory
2026-04-10 17:29:15 +06:00
34f2b232c5
chore(ci): update bump-trivy workflow ( #546 )
2026-04-10 14:17:09 +06:00
57a97c7e78
chore(deps): Update trivy to v0.69.3 ( #519 )
...
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com >
2026-03-04 13:13:53 +06:00
97e0b3872f
chore: bump Trivy version to v0.69.2 in test workflow and README ( #515 )
2026-03-02 09:22:29 +06:00
4c61e6329b
chore: bump default Trivy version to v0.69.2 ( #513 )
2026-03-02 08:54:24 +06:00
1bd062560b
Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
...
feat: add YAML support for trivyignores
2026-02-25 17:27:51 +06:00
bce3086c4a
remove unused init-cache target
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 15:17:00 +06:00
5a9fbb1236
supress progress bar when download db
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 15:15:54 +06:00
16154502ca
update trivyignores input description
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 13:20:10 +06:00
df85774a45
add comment about fd3
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 13:06:11 +06:00
56c8daebb9
remove unused variable
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-25 12:50:43 +06:00
e368e32897
ci(test): add zizmor security linter for GitHub Actions ( #502 )
...
* ci: add zizmor security linter for GitHub Actions
* ci: disable advanced-security for zizmor
* ci: pin all actions to commit hashes
* ci: fix zizmor linter errors in workflows
- Add explicit permissions blocks to all workflows
- Set persist-credentials: false for checkout actions
- Fix template injection by using env variables in run blocks
* fix: address zizmor template injection warnings in action.yaml
- Move inputs to env block to prevent template injection
- Add ignore comment for github-env false positive
* ci: fix remaining zizmor linter errors
- Add permissions and persist-credentials to test.yaml
- Fix ignore comment placement for github-env in action.yaml
2026-02-20 15:24:24 -07:00
6476b939ea
feat: support for YAML ignore file
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-20 19:06:31 +06:00
c1824fd6ed
chore(deps): Update trivy to v0.69.1 ( #506 )
...
Co-authored-by: simar7 <simar7@users.noreply.github.com >
2026-02-12 12:51:05 -07:00
bc61dc5570
Merge commit from fork
2026-02-12 12:41:16 -07:00
5eb7ef2605
ci: use checks bundle v2 in sync workflow ( #505 )
...
* ci: use checks bundle v2 in sync workflow
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
* test: update golden files
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
---------
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2026-02-12 12:37:57 -07:00
22438a4357
Merge pull request #496 from aquasecurity/bump-trivy-1765431074
2025-12-11 14:34:44 +06:00
0024b3f39e
chore(deps): Update trivy to v0.68.1
2025-12-11 05:31:14 +00:00
83690f7d38
ci: install trivy in bump-trivy workflow and update tests ( #495 )
...
* ci: install trivy in bump-trivy workflow
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
* test: diasble list-all-pkgs and remove ReportID
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
* ci: run tests after updating golden files
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
* fix BATS_LIB_PATH setting
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
---------
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-12-10 22:30:00 -07:00
df65449f48
chore: update README ( #493 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-12-08 17:02:57 -07:00
0317097f59
ci: use setup-bats in bump-trivy workflow ( #494 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-12-08 17:02:32 -07:00
b6643a29fe
Update setup-trivy action to version v0.2.4 ( #486 )
2025-08-29 14:43:29 +06:00
f9424c10c3
Merge pull request #481 from aquasecurity/bump-trivy-1755898251
2025-08-27 13:19:48 +06:00
85abccb4a4
dev: delete fanal.db before tests
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-08-27 13:05:59 +06:00
a1698702b6
ci: update golden files on Trivy bump
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-08-27 12:33:47 +06:00
71f6a8fb8b
dev: add update-golden goal
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-08-27 12:20:05 +06:00
bf330b1153
test: update golden files
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-08-27 12:19:06 +06:00
644762e8d4
Merge pull request #482 from aquasecurity/fix-gh-actions
2025-08-27 11:56:15 +06:00
f2e28516ef
chore(ci): Add oras to correctly setup sync jobs
2025-08-26 19:17:21 -06:00
636fd3c4eb
fix: update tests
2025-08-26 19:12:07 -06:00
7c0244b8c6
chore(deps): Update trivy to v0.65.0
2025-08-22 21:30:51 +00:00
c26e17b164
Pin actions/cache by SHA ( #480 )
...
Resolves #479 .
2025-08-22 15:29:59 -06:00
77137e9dc3
doc/correct-sbom-fs-scan ( #458 )
2025-07-07 12:48:46 -06:00
e7fbf034e4
Update dependencies in README ( #378 )
...
* chore: update dependencies in README
* chore: update the actions/checkout version in documentation
* chore: bump upload-sarif dependency from readme
* docs: bump actions/checkout to v4
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
---------
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-07-07 12:46:41 -06:00
dc5a429b52
chore(deps): Update trivy to v0.64.1 ( #474 )
...
Co-authored-by: nikpivkin <nikpivkin@users.noreply.github.com >
2025-07-04 00:18:35 -06:00
76071ef0d7
chore(deps): Update trivy to v0.63.0 ( #467 )
...
* chore(deps): Update trivy to v0.63.0
* update test data
---------
Co-authored-by: simar7 <simar7@users.noreply.github.com >
Co-authored-by: Simar <simar@linux.com >
2025-06-03 13:38:46 +06:00
4844d823d3
ci: fix workflow to bump Trivy ( #466 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-06-02 21:30:59 -06:00
26d71e622b
refactor: use ubuntu 24.04 ( #465 )
2025-05-16 11:37:50 +06:00
b3dafe507f
Bump Trivy version to fix GitHub actions ( #460 )
2025-05-12 14:16:37 -06:00
99baf0d8b4
Pin aquasecuriy/setup-trivy to hash instead of tag ( #456 )
...
* Pin aquasecuriy/setup-trivy to hash instead of tag
Fixes #423
* Address review comment
* Revisit previous change based on feedback
2025-04-08 20:50:36 -06:00
7aca5acc95
fix: Trivy action inputs leaking between invocations ( #422 ) ( #454 )
...
* fix: use trivy_envs.txt for envs
* test: add test step
* refactor
* refactor
* test
* refactor: use `export` in trivy_envs.txt
* test
* test metadata.json
* test metadata.json
* Clean up envs file better (#422 )
- Explicitly rm -f it at start and end of action
- Also remove temporary test steps from action
* Add BATS test for usage of trivy_envs.txt file (#422 )
* Add optional step triggered only when Actions Debug logging
Dump the generated environment variables file only when tests are run
with actions debug logging
* Fix to always set env vars into file (#422 )
This is done as long as they have a non-empty input value, or a
non-empty default value.
* Clean up env overwriting
- Remove unnecessary debug statements in the action used during testing
- Additional explanatory comments
- Fix to address case where caller explicitly injects environment
variables, either via env: block on the action call or via GITHUB_ENV
* Further refine env var setting logic (#422 )
Noted in documenting this fix that what had been implemented deviated
from the existing configuration priority documentation. Amended the
implementation of the Action to try and restore that consistency.
* Fix shell syntax error (#422 )
---------
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io >
2025-04-04 23:59:10 -06:00
ea27ac12e1
docs: add info that unix:/ prefix is required ( #455 )
2025-04-01 21:44:53 -06:00
6c175e9c40
chore: bump trivy to v0.60.0 ( #453 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2025-03-13 20:58:00 -06:00
53e8848d3e
Improve README/SBOM ( #439 )
...
* Improve README/SBOM
* Use logical workflow name
* Use modern ubuntu version
* Update README.md
2025-03-12 16:11:45 -06:00
ef1b561207
fix: typo in description of an input for action.yaml ( #452 )
2025-03-12 16:11:20 -06:00
a11da62073
fix: Update default trivy version in README ( #444 )
...
As part of PR #434 the default trivy version got bumped
but the readme didn't reflect it.
2025-01-07 16:37:47 -07:00
18f2510ee3
chore(deps): Bump trivy to v0.57.1 ( #434 )
...
* chore(deps): Bump trivy to v0.57.1
* update tests
* use mirrors from mirror.gcr.io
* update workflow for tests
* Revert "use mirrors from mirror.gcr.io"
This reverts commit 529a941eed
2024-11-19 17:11:53 -07:00
93941cebba
docs: remove ignore-unfixed from IaC scan example ( #429 )
...
Signed-off-by: Nikita Pivkin <nikita.pivkin@smartforce.io >
2024-11-18 16:54:58 -07:00
d2a392a137
fix: bump setup-trivy and add new contrib directory path info ( #424 )
...
* chore(deps): use fork for setup-trivy
* docs: add info about templates
* refactor: use `setup-trivy` v0.2.2
* docs: remove `./` prefix
* Merge branch 'main' into 'fix/contrib-dir'
* docs: fix link
* docs: fix typo
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
---------
Co-authored-by: simar7 <1254783+simar7@users.noreply.github.com >
2024-10-25 00:45:28 -06:00
ee8934673c
feat: add token for setup-trivy ( #421 )
...
* feat: add `token-setup-trivy` input.
* docs: add info about `token-setup-trivy`
* fix: use correct commit
* refactor: use `default: ${{ github.token }}` for `token-setup-trivy`
* refactor: use `setup-trivy` v0.2.2
2024-10-24 23:32:23 -06:00
Nikita Pivkin
DmitriyLewen
Aqua Security automated builds
Nicholas Jackson
simar7
Martin Costello
Simar
YuXuan Tay
Akshay Iyyadurai Balasundaram
simar7
Maxim Masiutin
Lari Hotari
Rob Vesse
Alex B
Yuta Tokoi
Mario Apra