Bump aquasecurity/trivy-action from 0.28.0 to 0.36.0 by dependabot[bot] · Pull Request #3 · PythonistaMX/api-github-actions-demo

dependabot · 2026-05-21T18:03:18Z

Bumps aquasecurity/trivy-action from 0.28.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in aquasecurity/trivy-action#546

ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in aquasecurity/trivy-action#552

ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in aquasecurity/trivy-action#550

test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in aquasecurity/trivy-action#555

ci: add dependabot config by @nikpivkin in aquasecurity/trivy-action#556

chore: add zizmor config by @nikpivkin in aquasecurity/trivy-action#557

chore(deps): bump the actions group with 5 updates by @dependabot[bot] in aquasecurity/trivy-action#558

fix: use portable shebang in entrypoint.sh by @Hayao0819 in aquasecurity/trivy-action#545

Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in aquasecurity/trivy-action#547

Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in aquasecurity/trivy-action#548

chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in aquasecurity/trivy-action#561

chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in aquasecurity/trivy-action#559

chore: update action version to v0.36.0 in examples by @nikpivkin in aquasecurity/trivy-action#563

New Contributors

@dependabot[bot] made their first contribution in aquasecurity/trivy-action#558

@Hayao0819 made their first contribution in aquasecurity/trivy-action#545

@patrik-csak made their first contribution in aquasecurity/trivy-action#547

@Aditya09-cse made their first contribution in aquasecurity/trivy-action#548

@Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Release: 0.35.0

What's Changed

chore(deps): Update trivy to v0.69.3 by @aqua-bot in aquasecurity/trivy-action#519

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Release: v0.34.0

Full Changelog: aquasecurity/trivy-action@v0.33.1...v0.34.0

Release: v0.33.1

What's Changed

Update setup-trivy action to version v0.2.4 by @martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@v0.33.0...v0.33.1

... (truncated)

Commits

See full diff in compare view

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.28.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.28.0...v0.36.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-25T19:07:41Z

Looks like aquasecurity/trivy-action is up-to-date now, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 21, 2026

dependabot Bot had a problem deploying to test May 21, 2026 18:03 Failure

dependabot Bot force-pushed the dependabot/github_actions/aquasecurity/trivy-action-0.36.0 branch from 44c6121 to 294bdff Compare May 25, 2026 18:54

dependabot Bot requested a review from josechval as a code owner May 25, 2026 18:54

dependabot Bot had a problem deploying to test May 25, 2026 18:54 Error

dependabot Bot had a problem deploying to test May 25, 2026 18:54 Failure

dependabot Bot had a problem deploying to test May 25, 2026 18:54 Error

josechval approved these changes May 25, 2026

View reviewed changes

dependabot Bot closed this May 25, 2026

dependabot Bot deleted the dependabot/github_actions/aquasecurity/trivy-action-0.36.0 branch May 25, 2026 19:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump aquasecurity/trivy-action from 0.28.0 to 0.36.0#3

Bump aquasecurity/trivy-action from 0.28.0 to 0.36.0#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/aquasecurity/trivy-action-0.36.0

dependabot Bot commented on behalf of github May 21, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 21, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.36.0

What's Changed

New Contributors

Release: 0.35.0

What's Changed

Release: v0.35.0

Release: v0.34.0

Release: v0.33.1

What's Changed

Uh oh!

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 21, 2026 •

edited

Loading