Commit

test with custom trivy-action
Required-githooks: true

Signed-off-by: Tomasz Gromadzki <[email protected]>
grom72 committed Oct 30, 2024
1 parent 039e648 commit c2cd42d
Showing 1 changed file with 1 addition and 3 deletions.
4 changes: 1 addition & 3 deletions .github/workflows/trivy.yml
Expand Up @@ -18,15 +18,13 @@ permissions: {}
jobs:
scan:
name: Scan with Trivy
# Trivy scan may use cached CVEs database if cache already exists.
# Otherwise, the Trivy scan tool downloads CVEs database itself.
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Run Trivy vulnerability scanner in filesystem mode (table format)
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
uses: grom72/trivy-action@skip-download

Check warning

Code scanning / Scorecard

Pinned-Dependencies Medium

score is 1: third-party GitHubAction not pinned by hash
with:
scan-type: 'fs'
scan-ref: '.'
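
Review bot: the added line `uses: grom72/trivy-action@skip-download` references a personal fork by a mutable ref name, while the line it replaces pinned the upstream action to a full commit SHA with a version comment (`aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0`), as the checkout step above still does. Whatever `skip-download` points to at run time is what executes in this job, which is what the Scorecard Pinned-Dependencies warning on this line reports. Even for a test commit, pin the fork to the full 40-character commit SHA being tested and keep a trailing comment naming the ref, so the run is reproducible and the change can be reverted to the upstream pin cleanly. Separately, the two comment lines removed under `name: Scan with Trivy` documented where the CVE database comes from (cache if present, otherwise downloaded by Trivy); if the fork changes that behaviour, replace the comment with one describing the new source of the database rather than dropping it, since a scan against a missing or stale database can pass without reporting anything.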