Bump aquasecurity/trivy-action from 0.28.0 to 0.36.0

[dependabot]

Bumps aquasecurity/trivy-action from 0.28.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

• chore(ci): update bump-trivy workflow by @​DmitriyLewen in aquasecurity/trivy-action#546
• ci: use action.yaml as single source of truth for Trivy version by @​nikpivkin in aquasecurity/trivy-action#552
• ci: replace peter-evans/create-pull-request with gh CLI by @​nikpivkin in aquasecurity/trivy-action#550
• test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @​nikpivkin in aquasecurity/trivy-action#555
• ci: add dependabot config by @​nikpivkin in aquasecurity/trivy-action#556
• chore: add zizmor config by @​nikpivkin in aquasecurity/trivy-action#557
• chore(deps): bump the actions group with 5 updates by @​dependabot[bot] in aquasecurity/trivy-action#558
• fix: use portable shebang in entrypoint.sh by @​Hayao0819 in aquasecurity/trivy-action#545
• Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @​patrik-csak in aquasecurity/trivy-action#547
• Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @​Aditya09-cse in aquasecurity/trivy-action#548
• chore: use GitHub Actions as git commit author in bump-trivy workflow by @​nikpivkin in aquasecurity/trivy-action#561
• chore(deps): Update trivy to v0.70.0 by @​Argon-DevOps-Mgt in aquasecurity/trivy-action#559
• chore: update action version to v0.36.0 in examples by @​nikpivkin in aquasecurity/trivy-action#563

New Contributors

• @​dependabot[bot] made their first contribution in aquasecurity/trivy-action#558
• @​Hayao0819 made their first contribution in aquasecurity/trivy-action#545
• @​patrik-csak made their first contribution in aquasecurity/trivy-action#547
• @​Aditya09-cse made their first contribution in aquasecurity/trivy-action#548
• @​Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Release: 0.35.0

What's Changed

• chore(deps): Update trivy to v0.69.3 by @​aqua-bot in aquasecurity/trivy-action#519

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Release: v0.34.0

Full Changelog: aquasecurity/trivy-action@v0.33.1...v0.34.0

Release: v0.33.1

What's Changed

• Update setup-trivy action to version v0.2.4 by @​martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@v0.33.0...v0.33.1

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-advanced-security]

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

• The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
• Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
• You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

[dependabot]

Looks like aquasecurity/trivy-action is up-to-date now, so this is no longer needed.