build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.29.0 #117
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.29.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.24.0...0.29.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -58,7 +58,7 @@ | |||
| steps: | |||
| - uses: actions/checkout@v4 | |||
| - name: Run Trivy vulnerability scanner in repo mode | |||
| uses: aquasecurity/trivy-action@0.24.0 | |||
| uses: aquasecurity/trivy-action@0.29.0 | |||
Check notice
Code scanning / KICS
Unpinned Actions Full Length Commit SHA Note
| @@ -98,7 +98,7 @@ | |||
| ## the next two steps will only execute if the image exists check was successful | |||
| - name: Run Trivy vulnerability scanner | |||
| if: success() && steps.imageCheck.outcome != 'failure' | |||
| uses: aquasecurity/trivy-action@0.24.0 | |||
| uses: aquasecurity/trivy-action@0.29.0 | |||
Check notice
Code scanning / KICS
Unpinned Actions Full Length Commit SHA Note
|
This pull request is stale because it has been open for 7 days with no activity. |
|
This pull request was closed because it has been inactive for 7 days since being marked as stale. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/github_actions/main/aquasecurity/trivy-action-0.29.0
branch
Bumps aquasecurity/trivy-action from 0.24.0 to 0.29.0.
Release notes
Sourced from aquasecurity/trivy-action's releases.
... (truncated)
Commits
18f2510chore(deps): Bump trivy to v0.57.1 (#434)93941cedocs: remove ignore-unfixed from IaC scan example (#429)d2a392afix: bumpsetup-trivyand add newcontribdirectory path info (#424)ee89346feat: add token forsetup-trivy(#421)cf990b1Update README.md (#420)bff40bedocs: Fix oras command not found (#413)fc1500afeat: Allow skipping setup (#414)915b19bchore(deps): bump setup-trivy to v0.2.1 (#411)5681af8fix: set envs only when passed (#405)8078967chore: update description for scanners and format inputs (#407)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)