From 4c6a76bba57f506e7253072579606480cec86541 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 25 Oct 2025 17:50:38 +0000
Subject: [PATCH] fix(ci): pin trivy-action to a specific commit

The `aquasecurity/trivy-action@main` reference was failing because the 'main' branch is not a valid version.

This commit updates the workflow to use a specific, stable commit SHA, which resolves the error and improves the reliability of the CI/CD pipeline.
---
 .github/workflows/docker.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 23bcaeb..de55dea 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -44,7 +44,7 @@ jobs:
           cache-to: type=gha,mode=max
 
       - name: Scan for vulnerabilities
-        uses: aquasecurity/trivy-action@main
+        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
         with:
           image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
           format: 'table'