From 32e45ca6ed8ae4dc7014f7aeda5e05a6402fa75b Mon Sep 17 00:00:00 2001
From: PPawlowski
Date: Mon, 1 Dec 2025 14:20:05 +0100
Subject: [PATCH 1/3] Bump trivy-action anc upload-sariv versions in `scan container image` action
---
 actions/scan_container_image/action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/actions/scan_container_image/action.yml b/actions/scan_container_image/action.yml
index d7df118..7e633f0 100644
--- a/actions/scan_container_image/action.yml
+++ b/actions/scan_container_image/action.yml
@@ -35,7 +35,7 @@ runs:
 fi
 - name: Scan container image for vulnerabilities
- uses: aquasecurity/trivy-action@0.17.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
 with:
 image-ref: '${{ inputs.image_ref }}'
 format: 'sarif'
@@ -47,7 +47,7 @@ runs:
 scanners: '${{ inputs.security_checks }}'
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
 with:
 sarif_file: '${{ inputs.check_name }}-trivy-results.sarif'
 category: '${{ inputs.check_name }} scanning'
From c858508ff5b70aaf86bbf23ea9c8eb9b0fe5aa17 Mon Sep 17 00:00:00 2001
From: PPawlowski
Date: Tue, 2 Dec 2025 14:29:56 +0100
Subject: [PATCH 2/3] Use scan_container_image action from feat branch
---
 .github/workflows/build_container_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
index 5faaad7..f4fe14a 100644
--- a/.github/workflows/build_container_image.yml
+++ b/.github/workflows/build_container_image.yml
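Review bot: The trailing `# v0.33.1` comment on the new `aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8` line in actions/scan_container_image/action.yml is the only thing tying the pin to a release, and nothing in the diff lets a reader check it. Before merging, confirm that this SHA is the commit the release tag resolves to in the aquasecurity/trivy-action repository itself, because a SHA reference can also resolve to a commit that exists only in a fork of that repository. The same check applies to the `github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2` pin in the `-47,7` hunk. The removed line used `0.17.0` without a `v` prefix, so the comment may not match the upstream tag name; if that is the case, write it as `# 0.33.1` so people and update tooling look up the right tag.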
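Review bot: The `upload-sarif` line in the `-47,7` hunk of actions/scan_container_image/action.yml crosses a major version (`v3` to `v4.31.6`), and neither the commit message nor the file records what that requires from callers of this composite action. As far as I know, codeql-action v4 runs on the Node.js 24 runtime, so callers on self-hosted or older runners may fail at this step; please verify against the upstream changelog. If the upload fails, the Trivy findings do not reach the Security tab, so it is worth stating the requirement next to the step, for example `# codeql-action v4: needs a runner that supports Node 24`.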
@@ -137,7 +137,7 @@ jobs:
 - name: Scan container image for vulnerabilities
 if: ${{ fromJson(inputs.scan_image) }}
- uses: flowforge/github-actions-workflows/actions/scan_container_image@main
+ uses: flowforge/github-actions-workflows/actions/scan_container_image@chore-bump-containers-scan-deps
 with:
 image_ref: "ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main"
 check_name: "${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main"
From ed1fd26de6c4af270f828c542bf65ea4d88748c7 Mon Sep 17 00:00:00 2001
From: PPawlowski
Date: Tue, 9 Dec 2025 19:58:51 +0100
Subject: [PATCH 3/3] Revert "Use scan_container_image action from feat branch"
This reverts commit c858508ff5b70aaf86bbf23ea9c8eb9b0fe5aa17.
---
 .github/workflows/build_container_image.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build_container_image.yml b/.github/workflows/build_container_image.yml
index f4fe14a..5faaad7 100644
--- a/.github/workflows/build_container_image.yml
+++ b/.github/workflows/build_container_image.yml
@@ -137,7 +137,7 @@ jobs:
 - name: Scan container image for vulnerabilities
 if: ${{ fromJson(inputs.scan_image) }}
- uses: flowforge/github-actions-workflows/actions/scan_container_image@chore-bump-containers-scan-deps
+ uses: flowforge/github-actions-workflows/actions/scan_container_image@main
 with:
 image_ref: "ghcr.io/${{ env.repository_owner_lower }}/${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main"
 check_name: "${{ inputs.image_name }}:${{ inputs.image_tag_prefix }}main"
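Review bot: The added `uses:` line in 2/3 points the shared workflow at `scan_container_image@chore-bump-containers-scan-deps`, a feature branch, and 3/3 in the same series reverts it. If the series lands as three commits, anyone who resolves build_container_image.yml at this intermediate commit depends on a branch that can be force-pushed or deleted after merge. Dropping 2/3 and 3/3 from the series, or squashing on merge, keeps the test-only ref out of history.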
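Review bot: After the revert in 3/3 the workflow again loads `scan_container_image@main`, a mutable ref, while 1/3 pins the third-party actions inside that composite action to full commit SHAs. A caller that pins build_container_image.yml to a tag or SHA would still get whatever action.yml is at the head of `main` at run time, so the pins from 1/3 are only as stable as that branch. If the branch ref is deliberate, say so on the line, e.g. `# resolved from main at run time, independent of the ref the caller pinned`; otherwise reference a release tag or commit SHA of this repository.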