From 841fb371db7b5cd339e5b2d55c92f5dbd730ac9f Mon Sep 17 00:00:00 2001 From: simar7 <1254783+simar7@users.noreply.github.com> Date: Wed, 22 May 2024 18:59:56 -0600 Subject: [PATCH] chore(docs): Reference the use of a pinned version (#356) --- README.md | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 1447610..f76e694 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ jobs: run: | docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'table' @@ -67,7 +67,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in fs mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'fs' scan-ref: '.' @@ -117,7 +117,7 @@ jobs: docker save -o vuln-image.tar - name: Run Trivy vulnerability scanner in tarball mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: input: /github/workspace/vuln-image.tar severity: 'CRITICAL,HIGH' @@ -145,7 +145,7 @@ jobs: docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -180,7 +180,7 @@ jobs: docker build -t docker.io/my-organization/my-app:${{ github.sha }} . - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -215,7 +215,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'fs' ignore-unfixed: true @@ -249,7 +249,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner with rootfs command - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'rootfs' scan-ref: 'rootfs-example-binary' @@ -284,7 +284,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in IaC mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'config' hide-progress: true @@ -328,7 +328,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: 'fs' format: 'github' @@ -359,7 +359,7 @@ jobs: runs-on: ubuntu-20.04 steps: - name: Scan image in a private registry - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: "private_image_registry/image_name:image_tag" scan-type: image @@ -402,7 +402,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -438,7 +438,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'aws_account_id.dkr.ecr.region.amazonaws.com/imageName:${{ github.sha }}' format: 'sarif' @@ -474,7 +474,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -507,7 +507,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}' format: 'sarif' @@ -530,7 +530,7 @@ This step is especially useful for private repositories without [GitHub Advanced ```yaml - name: Run Trivy scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.20.0 with: scan-type: config hide-progress: true