fix(ci): pin trivy-action to known-good SHA v0.35.0

- Replace mutable tag reference with immutable SHA
- Mitigates aquasecurity/trivy-action supply chain compromise
This commit is contained in:
Anderson Nogueira
2026-03-24 15:22:30 +00:00
parent c8871d1e14
commit da812e2663
+1 -1
@@ -27,7 +27,7 @@ jobs:
- name: Build the Docker image
run: echo "FROM oraclelinux:9-slim" > Dockerfile; echo "RUN microdnf -y update" >> Dockerfile; echo "COPY bin/* /usr/bin/" >> Dockerfile; docker build . --file Dockerfile --tag percona-toolkit:${{ github.sha }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
with:
image-ref: 'percona-toolkit:${{ github.sha }}'
format: 'table'
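Review bot: The new `uses:` line pins the action to a full commit SHA, which is the right fix, but nothing in the hunk or the commit message shows how the SHA was verified against the upstream v0.35.0 release tag; the trailing `# v0.35.0` is documentation only, so the reviewer should confirm the SHA resolves to that tag in the upstream repository before merging and record that in the PR description. Keep the `# v0.35.0` comment in the exact `@<sha> # v<version>` form, since Dependabot's `github-actions` ecosystem and Renovate use it to propose SHA bumps; without an update bot this pin will silently go stale. Presumably the workflow's other `uses:` references outside this hunk (checkout and any setup actions) are still tag-pinned — verify and apply the same SHA pinning there and in the repository's other workflow files, otherwise the mitigation covers only one of several mutable references. The `jobs:` block and the surrounding steps list begin before this hunk.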