From 6139d3ab5f3b153c5ed1415adb1933cecc16d089 Mon Sep 17 00:00:00 2001
From: Vaso Putica <vaso.putica@oracle.com>
Date: Tue, 24 Mar 2026 15:39:13 +0100
Subject: [PATCH] Pin Trivy

---
 .github/workflows/build-trivy.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-trivy.yaml b/.github/workflows/build-trivy.yaml
index 0cd51f2..24fe9e3 100644
--- a/.github/workflows/build-trivy.yaml
+++ b/.github/workflows/build-trivy.yaml
@@ -1,4 +1,4 @@
-# Copyright 2021, 2025 Oracle Corporation and/or its affiliates.
+# Copyright 2021, 2026 Oracle Corporation and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at
 # https://oss.oracle.com/licenses/upl.
 
@@ -28,7 +28,7 @@ jobs:
         fetch-depth: 0
 
     - name: Run Trivy vulnerability scanner to scan repo
-      uses: aquasecurity/trivy-action@0.35.0
+      uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
       with:
         scan-type: 'fs'
         skip-dirs: 'java'