security: Update trivy-action to v0.35.0

Updates aquasecurity/trivy-action from mutable references to SHA-pinned version to address security vulnerabilities. - Updates to v0.35.0 (57a97c7e) - Pins to specific SHA for immutability - Addresses issue: aquasecurity/trivy#10425 Signed-off-by: Priyanka Saggu <priyankasaggu11929@gmail.com>
2026-04-05 10:17:30 +00:00 · 2026-03-22 18:42:48 +01:00
parent 0fafc09fff
commit 1ca2edbb59
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -29,7 +29,7 @@ jobs:
          IMAGE_TAG=${HELM_IMAGE_TAG:-security-test}
          VERSION=security-test make image
      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # v0.35.0
        with:
          image-ref: 'descheduler:security-test'
          format: 'sarif'