From a3adb71a2c0f063e12513f526ac2b4eac9926862 Mon Sep 17 00:00:00 2001
From: Larry Chen
Date: Tue, 10 Mar 2026 15:55:49 +0800
Subject: [PATCH 1/2] chore: upgrade trivy action version
---
 .github/actions/trivy-scan/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/trivy-scan/action.yml b/.github/actions/trivy-scan/action.yml
index 0bdc35b..37ab466 100644
--- a/.github/actions/trivy-scan/action.yml
+++ b/.github/actions/trivy-scan/action.yml
@@ -70,7 +70,7 @@ runs:
 steps:
 - name: Run Trivy Scan
 continue-on-error: true
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1, use sha to align security guidelines
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0, use sha to align security guidelines
 with:
 scan-type: ${{ inputs.scan-type }}
 scan-ref: ${{ inputs.scan-ref }}
From e49aacb15e48df9a1b36d34e93a406e32232c27b Mon Sep 17 00:00:00 2001
From: Larry Chen
Date: Tue, 10 Mar 2026 16:31:59 +0800
Subject: [PATCH 2/2] chore: remove top vunl section
---
 .github/actions/trivy-scan/action.yml | 7 -------
 1 file changed, 7 deletions(-)
diff --git a/.github/actions/trivy-scan/action.yml b/.github/actions/trivy-scan/action.yml
index 37ab466..65ead98 100644
--- a/.github/actions/trivy-scan/action.yml
+++ b/.github/actions/trivy-scan/action.yml
@@ -228,13 +228,6 @@ runs: - 🟡 Medium: $HIGH - 🔵 Low/Info: $MEDIUM -
- 📋 Top Vulnerabilities - - $(jq -r '[.runs[].results // [] | .[] | select(.level == "error" or .level == "warning")] | .[0:10] | .[] | "- **\(.ruleId // "unknown")**: \(.message.text // "No description") (\(.locations[0].physicalLocation.artifactLocation.uri // "unknown"))"' "$SARIF_FILE" 2>/dev/null || echo "No details available") - -
- ${FOOTER_LINE} 🕐 Last updated: $(date -u '+%Y-%m-%d %H:%M:%S UTC') | Commit: ${SHORT_SHA}"