Pin trivy (#82)

* ci: pin trivy

* ci: remove codeowners

Author: aaron-steinfeld

.github/CODEOWNERS

@@ -1,5 +1,5 @@
 # Each line is a file pattern followed by one or more owners.
 
 # global
-* @jbahire @aaron-steinfeld @kotharironak @ravisingal @tim-mwangi
+* @aaron-steinfeld @ravisingal @tim-mwangi
 

trivy-fs-scan/action.yaml

@@ -73,7 +73,7 @@ runs:
         touch .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         scan-type: 'fs'
         scan-ref: ${{ inputs.scan-ref }}

trivy-image-scan/action.yml

@@ -86,7 +86,7 @@ runs:
         cat $GITHUB_ACTION_PATH/.trivyignore >> .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}
@@ -104,7 +104,7 @@ runs:
 
     - name: Rerun Trivy vulnerability scanner with logging
       if: failure() && inputs.output-mode != 'log'
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}