diff --git a/.github/workflows/envia-a-docker.yaml b/.github/workflows/envia-a-docker.yaml index 9e4668e..613d1ae 100644 --- a/.github/workflows/envia-a-docker.yaml +++ b/.github/workflows/envia-a-docker.yaml @@ -59,7 +59,7 @@ jobs: - name: Trivy config scan # Bloquea el publish ante hallazgos de alta severidad. - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: config hide-progress: true @@ -104,7 +104,7 @@ jobs: run: echo "IMAGE_REF=josechval/apiflask-demo@${{ steps.build_and_push.outputs.digest }}" >> "$GITHUB_ENV" - name: Trivy image scan - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: ${{ env.IMAGE_REF }} format: table diff --git a/.github/workflows/envia-a-packages.yml b/.github/workflows/envia-a-packages.yml index a80c4e4..c2aba32 100644 --- a/.github/workflows/envia-a-packages.yml +++ b/.github/workflows/envia-a-packages.yml @@ -64,7 +64,7 @@ jobs: - name: Trivy config scan # Bloquea el publish ante hallazgos de alta severidad. - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: config hide-progress: true @@ -110,7 +110,7 @@ jobs: run: echo "IMAGE_REF=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build_and_push.outputs.digest }}" >> "$GITHUB_ENV" - name: Trivy image scan - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: image-ref: ${{ env.IMAGE_REF }} format: table diff --git a/.github/workflows/python-app-test.yml b/.github/workflows/python-app-test.yml index 7ca3455..e58f0bf 100644 --- a/.github/workflows/python-app-test.yml +++ b/.github/workflows/python-app-test.yml @@ -93,7 +93,7 @@ jobs: - name: Escanear dependencias con Trivy (fs) # scan-type: fs analiza el proyecto completo incluyendo uv.lock para detectar # vulnerabilidades conocidas (CVEs) en las dependencias antes de construir la imagen. - uses: aquasecurity/trivy-action@0.28.0 + uses: aquasecurity/trivy-action@v0.36.0 with: scan-type: fs scan-ref: .