Upgrade Trivy action to version 0.35.0

tarilabs · web-flow · commit e8c2dfe46f6e · 2026-03-22T20:59:25.000+01:00
Updated Trivy action version to v0.35.0 for vulnerability scans.
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -33,7 +33,7 @@ jobs:
           fi
 
       - name: Run Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -42,7 +42,7 @@ jobs:
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
           exit-code: '0'
       - name: Check for critical and high vulnerabilities
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -111,4 +111,4 @@ jobs:
           name: bandit-sarif-results
           path: results.sarif
           retention-days: 30
-        continue-on-error: true
+        continue-on-error: true
