pin trivy-action to commit hash for release 0.35.0 to avoid compromised versions (#1897)

Author: dandelany

.github/workflows/publish.yml

@@ -58,7 +58,8 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
       - name: Scan aerie-ui Docker image
-        uses: aquasecurity/trivy-action@master
+        # pinned to commit for v0.35.0 https://github.com/aquasecurity/trivy-action/releases/tag/v0.35.0
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           image-ref: ${{ env.REGISTRY }}/nasa-ammos/aerie-ui:${{ github.sha }}
           format: 'table'