ci: pin trivy

aaron-steinfeld · aaron-steinfeld · commit 49dcbffab9a4 · 2025-08-29T12:44:22.000-04:00
diff --git a/trivy-fs-scan/action.yaml b/trivy-fs-scan/action.yaml
@@ -73,7 +73,7 @@ runs:
         touch .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         scan-type: 'fs'
         scan-ref: ${{ inputs.scan-ref }}
diff --git a/trivy-image-scan/action.yml b/trivy-image-scan/action.yml
@@ -86,7 +86,7 @@ runs:
         cat $GITHUB_ACTION_PATH/.trivyignore >> .trivyignore
 
     - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}
@@ -104,7 +104,7 @@ runs:
 
     - name: Rerun Trivy vulnerability scanner with logging
       if: failure() && inputs.output-mode != 'log'
-      uses: aquasecurity/trivy-action@master
+      uses: aquasecurity/trivy-action@9ea583eb67910444b1f64abf338bd2e105a0a93d
       with:
         trivyignores: ${{ inputs.trivyignores }}
         image-ref: ${{ inputs.image }}:${{ steps.tag.outputs.TRIVY_IMAGE_TAG }}
