fix(ci): pin trivy-action to a specific commit (#9)

gowthamrao · web-flow · commit dc9d8fb1f4b2 · 2025-10-25T14:02:36.000-04:00
The `aquasecurity/trivy-action@main` reference was failing because the 'main' branch is not a valid version.

This commit updates the workflow to use a specific, stable commit SHA, which resolves the error and improves the reliability of the CI/CD pipeline.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -44,7 +44,7 @@ jobs:
           cache-to: type=gha,mode=max
 
       - name: Scan for vulnerabilities
-        uses: aquasecurity/trivy-action@main
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
           format: 'table'
