project-copacetic / copa-action

:octocat: GitHub Action for Copacetic: Directly patch container image vulnerabilities
https://project-copacetic.github.io/copacetic/website/
MIT License

docs: fixing example action usage in readme #15

Closed pauldotyu closed 1 year ago

pauldotyu commented 1 year ago

The pinned versions of docker and trivy actions were resulting in "An action could not be found at the URI" errors.

sozercan commented 1 year ago

@pauldotyu where are you getting this error? ideally we want to use pinned hashes instead of mutable tags

pauldotyu commented 1 year ago

> @pauldotyu where are you getting this error? ideally we want to use pinned hashes instead of mutable tags

I spun up a test repo on GH and copy-pasted the sample workflow from the README and the workflow run resulted in the following error:

Error: An action could not be found at the URI 'https://api.github.com/repos/aquasecurity/trivy-action/tarball/465a07811f14bebb1938fbed4728c6a1ff8901fc' (E4C1:5301:103E0D:1DDBF4:6505F51D)

Updating to a recent version of the action is what made it work, so maybe we just need to pin to a later hash?

sozercan commented 1 year ago

@pauldotyu yea looks like that commit is not found: https://github.com/aquasecurity/trivy-action/commit/465a07811f14bebb1938fbed4728c6a1ff8901fc

updating to latest commit sgtm and please make sure to sign the DCO. Thanks!