From 95e81a925fba2c5977fce6bfee477f0fca22573d Mon Sep 17 00:00:00 2001 From: Mark Sagi-Kazar Date: Thu, 14 Apr 2022 15:08:26 +0200 Subject: [PATCH] ci: update trivy scan job Signed-off-by: Mark Sagi-Kazar --- .github/workflows/artifacts.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml index 032efb49..63c3e840 100644 --- a/.github/workflows/artifacts.yaml +++ b/.github/workflows/artifacts.yaml @@ -106,11 +106,10 @@ jobs: steps: - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@0.2.3 + uses: aquasecurity/trivy-action@0.2.4 with: image-ref: "ghcr.io/dexidp/dex:${{ needs.container-images.outputs.version }}" - format: "template" - template: "@/contrib/sarif.tpl" + format: "sarif" output: "trivy-results.sarif" - name: Upload Trivy scan results to GitHub Security tab