Fix hash for trivy-action

mtupitsyn · mtupitsyn · commit 649bebb73998 · 2026-03-23T07:51:42.000-07:00
diff --git a/.github/workflows/build-sign-scan.yaml b/.github/workflows/build-sign-scan.yaml
@@ -350,7 +350,7 @@ jobs:
       continue-on-error: true
 
     - name: Run Trivy Vulnerability Scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
       if: ${{ inputs.trivy }}
       id: trivy
       with:
diff --git a/container-images/scan/trivy/action.yml b/container-images/scan/trivy/action.yml
@@ -55,7 +55,7 @@ runs:
     # Get default Trivy results (table format)
     - name: Run Trivy vulnerability scanner
       id: scan
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v.0.35.0
       continue-on-error: true
       with:
         image-ref: ${{ inputs.image }}
@@ -70,7 +70,7 @@ runs:
 
     # Run Trivy again to get JSON results -- Trivy uses results cached from previous run
     - name: Run Trivy vulnerability scanner (JSON results)
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v.0.35.0
       with:
         image-ref: ${{ inputs.image }}
         format: table
