🐛 fix(ci): pin Trivy to v0.69.2 - v0.69.1 install script broken

2026-04-06 00:32:04 +02:00 · 2026-03-02 16:36:26 +08:00
parent be4f2bc125
commit ee33d507f7
1 changed files with 6 additions and 0 deletions
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -424,6 +424,7 @@ jobs:
        uses: aquasecurity/trivy-action@0.34.1
        with:
          image-ref: 'tor-relay:test'
+          version: 'v0.69.2'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH,MEDIUM'
@@ -461,6 +462,7 @@ jobs:
        uses: aquasecurity/trivy-action@0.34.1
        with:
          image-ref: 'tor-relay:test'
+          version: 'v0.69.2'
          format: 'table'
          severity: 'CRITICAL,HIGH'
          vuln-type: 'os,library'
@@ -470,6 +472,7 @@ jobs:
        uses: aquasecurity/trivy-action@0.34.1
        with:
          image-ref: 'tor-relay:test'
+          version: 'v0.69.2'
          format: 'json'
          output: 'trivy-full-report.json'
          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
@@ -480,6 +483,7 @@ jobs:
        uses: aquasecurity/trivy-action@0.34.1
        with:
          image-ref: 'tor-relay:test'
+          version: 'v0.69.2'
          scanners: 'secret'
          format: 'table'
        continue-on-error: true
@@ -488,6 +492,7 @@ jobs:
        uses: aquasecurity/trivy-action@0.34.1
        with:
          image-ref: 'tor-relay:test'
+          version: 'v0.69.2'
          scanners: 'config'
          format: 'table'
        continue-on-error: true
@@ -497,6 +502,7 @@ jobs:
        with:
          scan-type: 'fs'
          scan-ref: '.'
+          version: 'v0.69.2'
          format: 'table'
          severity: 'CRITICAL,HIGH'
          scanners: 'vuln,secret,config,license'