Update CI to use Trivy v0.57.1

This new version of Trivy supports multiple image registry fallbacks to handle the increase GHCR rate limiting errors Signed-off-by: Ivan Sim <[email protected]> (cherry picked from commit 7993dda)
tserong · Nov 22, 2024 · 97068c3 · 97068c3
1 parent 7092e1f
commit 97068c3
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -18,8 +18,9 @@ jobs:
         run: curl -fsSO https://raw.githubusercontent.com/rancher/vexhub/refs/heads/main/reports/rancher.openvex.json
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
+          version: 'v0.57.1'
           scan-type: 'fs'
           ignore-unfixed: true
           format: 'sarif'