Bump aquasecurity/trivy-action from 0.24.0 to 0.28.0

[dependabot[bot]]

Bumps aquasecurity/trivy-action from 0.24.0 to 0.28.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.28.0

What's Changed

• chore(deps): bump setup-trivy to v0.2.1 by @​DmitriyLewen in aquasecurity/trivy-action#411

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.27.0...0.28.0

v0.27.0

What's Changed

• ci: use setup-trivy to install Trivy by @​DmitriyLewen in aquasecurity/trivy-action#406
• chore: update description for scanners and format inputs by @​nikpivkin in aquasecurity/trivy-action#407
• fix: set envs only when passed by @​knqyf263 in aquasecurity/trivy-action#405

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.26.0...0.27.0

v0.26.0

What's Changed

• docs: add usage info about action/cache for trivy databases by @​DmitriyLewen in aquasecurity/trivy-action#397
• feat: store artifacts in cache by default by @​knqyf263 in aquasecurity/trivy-action#399

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.25.0...0.26.0

v0.25.0

What's Changed

• fix(Makefile): recursive option typo by @​chohner in aquasecurity/trivy-action#371
• chore: use checks bundle snapshot from trivy-action by @​nikpivkin in aquasecurity/trivy-action#388
• Upgrade GitHub actions by @​obounaim in aquasecurity/trivy-action#374
• ci: sync trivy-checks version 1 by @​nikpivkin in aquasecurity/trivy-action#398
• feat(trivy): Bump to support v0.56.1 by @​simar7 in aquasecurity/trivy-action#387

New Contributors

• @​chohner made their first contribution in aquasecurity/trivy-action#371
• @​obounaim made their first contribution in aquasecurity/trivy-action#374

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.24.0...0.25.0

Commits

• 915b19b chore(deps): bump setup-trivy to v0.2.1 (#411)
• 5681af8 fix: set envs only when passed (#405)
• 8078967 chore: update description for scanners and format inputs (#407)
• 0fa0cdb ci: use setup-trivy to install Trivy (#406)
• a20de54 feat: store artifacts in cache by default (#399)
• 1b8b83d docs: add usage info about action/cache for trivy databases (#397)
• f781cce feat(trivy): Bump to support v0.56.1 (#387)
• 54f21d8 ci: sync trivy-checks version 1 (#398)
• 89b14e5 Upgrade GitHub actions (#374)
• 97646fe chore: use checks bundle snapshot from trivy-action (#388)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[manics]

Running Trivy with options: trivy image rebuilt-image
2024-11-01T07:41:44Z    INFO    [vuln] Vulnerability scanning is enabled
2024-11-01T07:41:44Z    INFO    [secret] Secret scanning is enabled
2024-11-01T07:41:44Z    INFO    [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-11-01T07:41:44Z    INFO    [secret] Please see also https://aquasecurity.github.io/trivy/v0.56/docs/scanner/secret#recommendation for faster secret detection
2024-11-01T07:41:46Z    INFO    Detected OS family="alpine" version="3.18.9"
2024-11-01T07:41:46Z    INFO    [alpine] Detecting vulnerabilities...   os_version="3.18" repository="3.18" pkg_num=18
2024-11-01T07:41:46Z    INFO    Number of language-specific files   num=0
2024-11-01T07:41:46Z    WARN    Using severities from other vendors for some vulnerabilities. Read https://aquasecurity.github.io/trivy/v0.56/docs/scanner/vulnerability#severity-selection for details.
Process completed with exit code 1.

It fails on a rerun too