We prefer having or Trivy configurations in trivy.yaml config files over passing the configurations via action inputs. It's more flexible (we can use configurations we couldn't when using the inputs) and the GitHub workflow code looks a bit cleaner. This worked fine until now, but after we updated to v0.26.0, the configurations in the trivy.yaml are not respected anymore. After #399 has been merged and released, the trivy-config input still exists, but it's not passed to the entrypoint.sh anymore, nor used in there.
Please re-implement passing the trivy-config to the Trivy command.
Remark: Looks like some more inputs got lost, but they could also be configured via trivy.yaml.
We prefer having or Trivy configurations in
trivy.yaml
config files over passing the configurations via action inputs. It's more flexible (we can use configurations we couldn't when using the inputs) and the GitHub workflow code looks a bit cleaner. This worked fine until now, but after we updated to v0.26.0, the configurations in thetrivy.yaml
are not respected anymore. After #399 has been merged and released, thetrivy-config
input still exists, but it's not passed to theentrypoint.sh
anymore, nor used in there.Please re-implement passing the
trivy-config
to the Trivy command.Remark: Looks like some more inputs got lost, but they could also be configured via
trivy.yaml
.As an example, our Trivy actions look like this:
And the
trivy.yaml
: