Skip to content

Pin aquasecuriy/setup-trivy to hash instead of tag#456

Merged
simar7 merged 3 commits into
aquasecurity:masterfrom
lhotari:lh-pin-setup-trivy-to-hash
Apr 9, 2025
Merged

Pin aquasecuriy/setup-trivy to hash instead of tag#456
simar7 merged 3 commits into
aquasecurity:masterfrom
lhotari:lh-pin-setup-trivy-to-hash

Conversation

@lhotari

@lhotari lhotari commented Apr 2, 2025

Copy link
Copy Markdown
Contributor

Fixes #423

Pin aquasecurity/setup-trivy to hash instead of a tag so that GitHub Actions
"allowing select actions" feature can be used to whitelist the dependent action by a hash.
This is needed since some organizations have a policy to only allow pinned 3rd party actions to
be used. "Pin actions to a full length commit SHA" is recommended by GitHub and many organizations follow this best practice.

It's not currently possible to use trivy-action since the dependent action isn't pinned. This PR fixes that. More details in #423.

@CLAassistant

CLAassistant commented Apr 2, 2025
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

This was referenced Apr 2, 2025
Closed
Closed
simar7
simar7 approved these changes Apr 5, 2025
View reviewed changes

@simar7 simar7 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, what do you think @DmitriyLewen?

DmitriyLewen
DmitriyLewen reviewed Apr 7, 2025
View reviewed changes
Comment thread action.yaml Outdated
DmitriyLewen
DmitriyLewen reviewed Apr 7, 2025
View reviewed changes

@DmitriyLewen DmitriyLewen left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good and logical for me.

Left small comment

@lhotari lhotari requested a review from DmitriyLewen April 7, 2025 06:46
DmitriyLewen
DmitriyLewen approved these changes Apr 7, 2025
View reviewed changes

@DmitriyLewen DmitriyLewen left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lhotari Thanks for your work!

LGTM

cc. @simar7

@simar7 simar7 merged commit 99baf0d into aquasecurity:master Apr 9, 2025
@coderabbitai coderabbitai Bot mentioned this pull request Mar 24, 2026
Merged
@coderabbitai coderabbitai Bot mentioned this pull request Apr 3, 2026
Closed
This was referenced Apr 16, 2026
Merged
Merged
@hiddeco hiddeco mentioned this pull request Apr 21, 2026
Closed
@coderabbitai coderabbitai Bot mentioned this pull request Apr 29, 2026
Merged
This was referenced May 10, 2026
Merged
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DmitriyLewen DmitriyLewen DmitriyLewen approved these changes

+1 more reviewer

@simar7 simar7 simar7 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Allow pinning setup-trivy by hash

4 participants

@lhotari @CLAassistant @simar7 @DmitriyLewen