Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: aquasecurity/trivy-action
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: fd25fed6972e341ff0007ddb61f77e88103953c2
Choose a base ref
...
head repository: aquasecurity/trivy-action
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 595be6a0f6560a0a8fc419ddf630567fc623531d
Choose a head ref
  • 2 commits
  • 3 files changed
  • 2 contributors

Commits on May 23, 2024

  1. chore(docs): Reference the use of a pinned version (#356)

    @simar7
    simar7 authored May 23, 2024
    Loading
    Loading status checks…

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    841fb37 View commit details

Commits on Jun 6, 2024

  1. Upgrade trivy to v0.52.0 (#364)

    @Keralin
    Keralin authored Jun 6, 2024
    Loading
    Loading status checks…
    Copy the full SHA
    595be6a View commit details
Showing with 17 additions and 17 deletions.
  1. +1 −1 .github/workflows/test.yaml
  2. +1 −1 Dockerfile
  3. +15 −15 README.md
2 changes: 1 addition & 1 deletion .github/workflows/test.yaml
View file
Original file line number Diff line number Diff line change
@@ -6,7 +6,7 @@ on:
workflow_dispatch:

env:
TRIVY_VERSION: 0.51.2
TRIVY_VERSION: 0.52.0
BATS_LIB_PATH: '/usr/lib/'

jobs:
2 changes: 1 addition & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM ghcr.io/aquasecurity/trivy:0.51.2
FROM ghcr.io/aquasecurity/trivy:0.52.0
COPY entrypoint.sh /
RUN apk --no-cache add bash curl npm
RUN chmod +x /entrypoint.sh
30 changes: 15 additions & 15 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -39,7 +39,7 @@ jobs:
run: |
docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'table'
@@ -67,7 +67,7 @@ jobs:
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
scan-ref: '.'
@@ -117,7 +117,7 @@ jobs:
docker save -o vuln-image.tar <your-docker-image>
- name: Run Trivy vulnerability scanner in tarball mode
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
input: /github/workspace/vuln-image.tar
severity: 'CRITICAL,HIGH'
@@ -145,7 +145,7 @@ jobs:
docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'sarif'
@@ -180,7 +180,7 @@ jobs:
docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'sarif'
@@ -215,7 +215,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
ignore-unfixed: true
@@ -249,7 +249,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner with rootfs command
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'rootfs'
scan-ref: 'rootfs-example-binary'
@@ -284,7 +284,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'config'
hide-progress: true
@@ -328,7 +328,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: 'fs'
format: 'github'
@@ -359,7 +359,7 @@ jobs:
runs-on: ubuntu-20.04
steps:
- name: Scan image in a private registry
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: "private_image_registry/image_name:image_tag"
scan-type: image
@@ -402,7 +402,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'sarif'
@@ -438,7 +438,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'aws_account_id.dkr.ecr.region.amazonaws.com/imageName:${{ github.sha }}'
format: 'sarif'
@@ -474,7 +474,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'sarif'
@@ -507,7 +507,7 @@ jobs:
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
format: 'sarif'
@@ -530,7 +530,7 @@ This step is especially useful for private repositories without [GitHub Advanced

```yaml
- name: Run Trivy scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.20.0
with:
scan-type: config
hide-progress: true