BST-17782: bump scanner composition & sci (#262)

scott-boost · web-flow · commit 7c96ea936d09 · 2025-11-18T12:20:54.000-05:00
# changes
the latest version of scanner composition:
1.  picks up ALL yaml files when scanning for azure pipeline tasks components as some customers don't use the default of `azure-pipelines.yml`
2. bumped HoundDog from v1.8.0 to v2.3.0
diff --git a/scanners/boostsecurityio/composition/module.yaml b/scanners/boostsecurityio/composition/module.yaml
@@ -17,7 +17,7 @@ steps:
       format: metadata
       command:
         docker:
-          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:38a1ebd@sha256:b71b2c0117caeb145566cc1abcd7ce14102dc26ca130b4bee65e9ad641fc1b1d
+          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:0b5a854@sha256:90b4d286e983db1b63125e52bd463cb85466edc0846f03ea7657678e5c6e7d3c
           command: scan
           workdir: /src
           environment:
diff --git a/scanners/boostsecurityio/supply-chain-inventory/module.yaml b/scanners/boostsecurityio/supply-chain-inventory/module.yaml
@@ -16,7 +16,7 @@ steps:
       format: supply_chain_inventory
       command:
         docker:
-          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:38a1ebd@sha256:b71b2c0117caeb145566cc1abcd7ce14102dc26ca130b4bee65e9ad641fc1b1d
+          image: public.ecr.aws/boostsecurityio/boost-scanner-composition:0b5a854@sha256:90b4d286e983db1b63125e52bd463cb85466edc0846f03ea7657678e5c6e7d3c
           command: inventory
           workdir: /src
           environment:
