build: pin Trivy version to 0.57.1 for reproducible CI builds

ManiDeepakThumu · claude · ManiDeepakThumu · commit 3b944545d708 · 2026-01-26T12:42:52.000Z
Pin Trivy to version 0.57.1 instead of using @latest to ensure: - Consistent security scan results between local and CI environments - Reproducible builds across different environments - Protection against unexpected failures from new Trivy releases Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
diff --git a/devbox.json b/devbox.json
@@ -4,7 +4,7 @@
     "kubectl@latest",
     "chart-testing@latest",
     "pre-commit@latest",
-    "trivy@latest",
+    "trivy@0.57.1",
     "checkov@3.2.336",
     "kubernetes-helm@latest",
     "actionlint@latest",
