-
Notifications
You must be signed in to change notification settings - Fork 238
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix github dependency submission API call #162
Conversation
hi @chejn - I recently tried to use the old way and it still worked. Have you tested the new way out? Just curious. |
Hi @simar7 , I was having trouble getting this to work and was going to attempt the same change. I was able to get this PR to post the dependency snapshot. I have tried a number of things and cannot get the official 0.7.0 to work. I am curious what you are using for github_pat_token and if you have explicitly set permissions in your action yml that differs from the example in the readme. I'm happy to compare notes further, but for my configuration, I would +1 this change. |
Hi Simar, yes i have tested this method using my fork and it works. Also i was never able to get it to work using the old changes. |
Thanks for chiming in @michaelmworthington – I took another look at it again. Here's what I got: Current way:
Proposed way:
It seems that both work fine. My token only has |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks!
thanks for the info @simar7 i think i see my issue. i was using just my PAT for github-pat, i did not have my username in there. i'm still coming up to speed on GH Actions, but in most situations I've come to prefer the automatically generated GITHUB_TOKEN over a PAT. With this change, I think that means that the value for |
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action) | action | minor | `0.3.0` -> `0.16.1` | | [aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action) | action | minor | `0.6.2` -> `0.16.1` | --- ### Release Notes <details> <summary>aquasecurity/trivy-action (aquasecurity/trivy-action)</summary> ### [`v0.16.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.16.0...0.16.1) #### What's Changed - Update Trivy to 0.48.1 by [@​MartiUK](https://togithub.com/MartiUK) in [https://github.com/aquasecurity/trivy-action/pull/291](https://togithub.com/aquasecurity/trivy-action/pull/291) - docs: fix typo in README.md by [@​hairmare](https://togithub.com/hairmare) in [https://github.com/aquasecurity/trivy-action/pull/293](https://togithub.com/aquasecurity/trivy-action/pull/293) #### New Contributors - [@​MartiUK](https://togithub.com/MartiUK) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/291](https://togithub.com/aquasecurity/trivy-action/pull/291) - [@​hairmare](https://togithub.com/hairmare) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/293](https://togithub.com/aquasecurity/trivy-action/pull/293) **Full Changelog**: aquasecurity/trivy-action@0.16.0...0.16.1 ### [`v0.16.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0) ##### What's Changed - Update to trivy version 0.48.0 by [@​pragmaticivan](https://togithub.com/pragmaticivan) in [https://github.com/aquasecurity/trivy-action/pull/289](https://togithub.com/aquasecurity/trivy-action/pull/289) ##### New Contributors - [@​pragmaticivan](https://togithub.com/pragmaticivan) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/289](https://togithub.com/aquasecurity/trivy-action/pull/289) **Full Changelog**: aquasecurity/trivy-action@0.15.0...0.16.0 ### [`v0.15.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.15.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.14.0...0.15.0) ##### What's Changed - feature(config): add terraform variable files by [@​kderck](https://togithub.com/kderck) in [https://github.com/aquasecurity/trivy-action/pull/285](https://togithub.com/aquasecurity/trivy-action/pull/285) **Full Changelog**: aquasecurity/trivy-action@0.14.0...0.15.0 ### [`v0.14.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.14.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.1...0.14.0) #### What's Changed - fix: set return code after each Trivy call by [@​LiamMacP](https://togithub.com/LiamMacP) in [https://github.com/aquasecurity/trivy-action/pull/247](https://togithub.com/aquasecurity/trivy-action/pull/247) - Update to `trivy` version `0.47.0` in Dockerfile by [@​MPV](https://togithub.com/MPV) in [https://github.com/aquasecurity/trivy-action/pull/280](https://togithub.com/aquasecurity/trivy-action/pull/280) - feature: add filesystem alias by [@​kderck](https://togithub.com/kderck) in [https://github.com/aquasecurity/trivy-action/pull/269](https://togithub.com/aquasecurity/trivy-action/pull/269) #### New Contributors - [@​LiamMacP](https://togithub.com/LiamMacP) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/247](https://togithub.com/aquasecurity/trivy-action/pull/247) - [@​MPV](https://togithub.com/MPV) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/280](https://togithub.com/aquasecurity/trivy-action/pull/280) - [@​kderck](https://togithub.com/kderck) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/269](https://togithub.com/aquasecurity/trivy-action/pull/269) **Full Changelog**: aquasecurity/trivy-action@0.13.1...0.14.0 ### [`v0.13.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.0...0.13.1) #### What's Changed - Update Dockerfile to 0.46.1 by [@​witoldsleczkowski](https://togithub.com/witoldsleczkowski) in [https://github.com/aquasecurity/trivy-action/pull/277](https://togithub.com/aquasecurity/trivy-action/pull/277) #### New Contributors - [@​witoldsleczkowski](https://togithub.com/witoldsleczkowski) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/277](https://togithub.com/aquasecurity/trivy-action/pull/277) **Full Changelog**: aquasecurity/trivy-action@0.13.0...0.13.1 ### [`v0.13.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.12.0...0.13.0) #### What's Changed - fix: mark image-ref attribute optional by [@​arxeiss](https://togithub.com/arxeiss) in [https://github.com/aquasecurity/trivy-action/pull/261](https://togithub.com/aquasecurity/trivy-action/pull/261) - Update Dockerfile to 0.46.0 by [@​Cr0n1c](https://togithub.com/Cr0n1c) in [https://github.com/aquasecurity/trivy-action/pull/274](https://togithub.com/aquasecurity/trivy-action/pull/274) #### New Contributors - [@​arxeiss](https://togithub.com/arxeiss) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/261](https://togithub.com/aquasecurity/trivy-action/pull/261) - [@​Cr0n1c](https://togithub.com/Cr0n1c) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/274](https://togithub.com/aquasecurity/trivy-action/pull/274) **Full Changelog**: aquasecurity/trivy-action@0.12.0...0.13.0 ### [`v0.12.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.12.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.2...0.12.0) ##### What's Changed - chore(deps): Update trivy to v0.43.1 by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/243](https://togithub.com/aquasecurity/trivy-action/pull/243) - ci: add workflow to bump trivy by [@​nikpivkin](https://togithub.com/nikpivkin) in [https://github.com/aquasecurity/trivy-action/pull/245](https://togithub.com/aquasecurity/trivy-action/pull/245) - Update README.md to change the example to the new default brach name … by [@​jdsmithit](https://togithub.com/jdsmithit) in [https://github.com/aquasecurity/trivy-action/pull/234](https://togithub.com/aquasecurity/trivy-action/pull/234) - feat(trivy): Bump to v0.45.0 by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/256](https://togithub.com/aquasecurity/trivy-action/pull/256) ##### New Contributors - [@​nikpivkin](https://togithub.com/nikpivkin) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/245](https://togithub.com/aquasecurity/trivy-action/pull/245) - [@​jdsmithit](https://togithub.com/jdsmithit) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/234](https://togithub.com/aquasecurity/trivy-action/pull/234) **Full Changelog**: aquasecurity/trivy-action@0.11.2...0.12.0 ### [`v0.11.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.1...0.11.2) **Full Changelog**: aquasecurity/trivy-action@0.11.1...0.11.2 ### [`v0.11.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.0...0.11.1) #### What's Changed - bump trivy to v0.42.1 by [@​danielchabr](https://togithub.com/danielchabr) in [https://github.com/aquasecurity/trivy-action/pull/240](https://togithub.com/aquasecurity/trivy-action/pull/240) **Full Changelog**: aquasecurity/trivy-action@0.11.0...0.11.1 ### [`v0.11.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.10.0...0.11.0) #### What's Changed - Include args when using trivy config file by [@​hermanwh](https://togithub.com/hermanwh) in [https://github.com/aquasecurity/trivy-action/pull/231](https://togithub.com/aquasecurity/trivy-action/pull/231) - bump trivy to v0.42.0 by [@​danielchabr](https://togithub.com/danielchabr) in [https://github.com/aquasecurity/trivy-action/pull/237](https://togithub.com/aquasecurity/trivy-action/pull/237) - Enhance GitHub Dependency Snapshot upload by [@​abriko](https://togithub.com/abriko) in [https://github.com/aquasecurity/trivy-action/pull/233](https://togithub.com/aquasecurity/trivy-action/pull/233) - feat: add exit-code parameter to sarif format by [@​rogercoll](https://togithub.com/rogercoll) in [https://github.com/aquasecurity/trivy-action/pull/213](https://togithub.com/aquasecurity/trivy-action/pull/213) #### New Contributors - [@​hermanwh](https://togithub.com/hermanwh) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/231](https://togithub.com/aquasecurity/trivy-action/pull/231) - [@​danielchabr](https://togithub.com/danielchabr) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/237](https://togithub.com/aquasecurity/trivy-action/pull/237) - [@​abriko](https://togithub.com/abriko) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/233](https://togithub.com/aquasecurity/trivy-action/pull/233) - [@​rogercoll](https://togithub.com/rogercoll) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/213](https://togithub.com/aquasecurity/trivy-action/pull/213) **Full Changelog**: aquasecurity/trivy-action@0.10.0...0.11.0 ### [`v0.10.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.10.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.2...0.10.0) #### What's Changed - docs: improve SBOM documentation by [@​saerosV](https://togithub.com/saerosV) in [https://github.com/aquasecurity/trivy-action/pull/208](https://togithub.com/aquasecurity/trivy-action/pull/208) - chore: Update Trivy to 0.40.0 by [@​PerfectSlayer](https://togithub.com/PerfectSlayer) in [https://github.com/aquasecurity/trivy-action/pull/223](https://togithub.com/aquasecurity/trivy-action/pull/223) #### New Contributors - [@​saerosV](https://togithub.com/saerosV) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/208](https://togithub.com/aquasecurity/trivy-action/pull/208) - [@​PerfectSlayer](https://togithub.com/PerfectSlayer) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/223](https://togithub.com/aquasecurity/trivy-action/pull/223) **Full Changelog**: aquasecurity/trivy-action@0.9.2...0.10.0 ### [`v0.9.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.1...0.9.2) #### What's Changed - chore(deps): bump trivy to v0.38.1 by [@​DmitriyLewen](https://togithub.com/DmitriyLewen) in [https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215) - Rename security-checks to scanners by [@​sadovnikov](https://togithub.com/sadovnikov) in [https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211) #### New Contributors - [@​DmitriyLewen](https://togithub.com/DmitriyLewen) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215) - [@​sadovnikov](https://togithub.com/sadovnikov) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211) **Full Changelog**: aquasecurity/trivy-action@0.9.1...0.9.2 ### [`v0.9.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.0...0.9.1) #### What's Changed - ⬆️ bump trivy action by [@​flaxel](https://togithub.com/flaxel) in [https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203) #### New Contributors - [@​flaxel](https://togithub.com/flaxel) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203) **Full Changelog**: aquasecurity/trivy-action@0.9.0...0.9.1 ### [`v0.9.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.8.0...0.9.0) #### What's Changed - fix(sarif): Add option to limit severities for sarif ([#​192](https://togithub.com/aquasecurity/trivy-action/issues/192)) by [@​AndreyLevchenko](https://togithub.com/AndreyLevchenko) in [https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198) - docs: add trivy-config to table by [@​omarsilva1](https://togithub.com/omarsilva1) in [https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195) - Update README.md by [@​mcantu](https://togithub.com/mcantu) in [https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186) - feat(trivy): Bump Trivy to v0.37.1 by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/199](https://togithub.com/aquasecurity/trivy-action/pull/199) #### New Contributors - [@​AndreyLevchenko](https://togithub.com/AndreyLevchenko) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198) - [@​omarsilva1](https://togithub.com/omarsilva1) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195) - [@​mcantu](https://togithub.com/mcantu) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186) **Full Changelog**: aquasecurity/trivy-action@0.8.0...0.9.0 ### [`v0.8.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.8.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0) #### What's Changed - Add npm to action Dockerfile by [@​VaismanLior](https://togithub.com/VaismanLior) in [https://github.com/aquasecurity/trivy-action/pull/176](https://togithub.com/aquasecurity/trivy-action/pull/176) - Add 0.34.0 release by [@​L1ghtman2k](https://togithub.com/L1ghtman2k) in [https://github.com/aquasecurity/trivy-action/pull/177](https://togithub.com/aquasecurity/trivy-action/pull/177) #### New Contributors - [@​VaismanLior](https://togithub.com/VaismanLior) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/176](https://togithub.com/aquasecurity/trivy-action/pull/176) - [@​L1ghtman2k](https://togithub.com/L1ghtman2k) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/177](https://togithub.com/aquasecurity/trivy-action/pull/177) **Full Changelog**: aquasecurity/trivy-action@0.7.1...0.8.0 ### [`v0.7.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1) #### What's Changed - Fix github dependency submission API call by [@​chejn](https://togithub.com/chejn) in [https://github.com/aquasecurity/trivy-action/pull/162](https://togithub.com/aquasecurity/trivy-action/pull/162) #### New Contributors - [@​chejn](https://togithub.com/chejn) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/162](https://togithub.com/aquasecurity/trivy-action/pull/162) **Full Changelog**: aquasecurity/trivy-action@0.7.0...0.7.1 ### [`v0.7.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.2...0.7.0) #### What's Changed - docs: correct format and add output on config scan with sarif by [@​dirien](https://togithub.com/dirien) in [https://github.com/aquasecurity/trivy-action/pull/159](https://togithub.com/aquasecurity/trivy-action/pull/159) - feat(trivy): Bump Trivy to v0.31.2 by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/165](https://togithub.com/aquasecurity/trivy-action/pull/165) #### New Contributors - [@​dirien](https://togithub.com/dirien) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/159](https://togithub.com/aquasecurity/trivy-action/pull/159) **Full Changelog**: aquasecurity/trivy-action@0.6.2...0.7.0 ### [`v0.6.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.1...0.6.2) #### What's Changed - fix(config): Drop mixing of options with yaml config. by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/148](https://togithub.com/aquasecurity/trivy-action/pull/148) - chore: improve message output sbom with gh by [@​krol3](https://togithub.com/krol3) in [https://github.com/aquasecurity/trivy-action/pull/145](https://togithub.com/aquasecurity/trivy-action/pull/145) - fix(sarif): Add timeout and security-checks for sarif by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/156](https://togithub.com/aquasecurity/trivy-action/pull/156) **Full Changelog**: aquasecurity/trivy-action@0.6.1...0.6.2 ### [`v0.6.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1) #### What's Changed - chore(deps): Update trivy version by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/152](https://togithub.com/aquasecurity/trivy-action/pull/152) **Full Changelog**: aquasecurity/trivy-action@0.6.0...0.6.1 ### [`v0.6.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0) #### What's Changed 🔥 - feat(yaml): Add support for trivy.yaml by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/143](https://togithub.com/aquasecurity/trivy-action/pull/143) - Updated to use Trivy v0.30.2 **Full Changelog**: aquasecurity/trivy-action@0.5.1...0.6.0 ### [`v0.5.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.0...0.5.1) #### What's Changed - fix(tests): Update test golden files for Trivy v0.29.2 by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/136](https://togithub.com/aquasecurity/trivy-action/pull/136) - docs(trivy): Add instructions to scan tarballs. by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/134](https://togithub.com/aquasecurity/trivy-action/pull/134) **Full Changelog**: aquasecurity/trivy-action@0.5.0...0.5.1 ### [`v0.5.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.1...0.5.0) #### What's Changed ✨ - docs: added missing HTML template and removed deprecated SARIF template by [@​nleconte-csgroup](https://togithub.com/nleconte-csgroup) in [https://github.com/aquasecurity/trivy-action/pull/132](https://togithub.com/aquasecurity/trivy-action/pull/132) - feat(SBOM): Support SBOM generation by [@​simar7](https://togithub.com/simar7) in [https://github.com/aquasecurity/trivy-action/pull/129](https://togithub.com/aquasecurity/trivy-action/pull/129) #### New Contributors ❤️ - [@​nleconte-csgroup](https://togithub.com/nleconte-csgroup) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/132](https://togithub.com/aquasecurity/trivy-action/pull/132) **Full Changelog**: aquasecurity/trivy-action@0.4.1...0.5.0 ### [`v0.4.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.0...0.4.1) #### What's Changed - feat: update codeql-action/upload-sarif to v2 by [@​dotdc](https://togithub.com/dotdc) in [https://github.com/aquasecurity/trivy-action/pull/124](https://togithub.com/aquasecurity/trivy-action/pull/124) - Add missing option to README. by [@​achton](https://togithub.com/achton) in [https://github.com/aquasecurity/trivy-action/pull/127](https://togithub.com/aquasecurity/trivy-action/pull/127) - chore: pinning 0.29.0 trivy by [@​krol3](https://togithub.com/krol3) in [https://github.com/aquasecurity/trivy-action/pull/128](https://togithub.com/aquasecurity/trivy-action/pull/128) #### New Contributors - [@​dotdc](https://togithub.com/dotdc) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/124](https://togithub.com/aquasecurity/trivy-action/pull/124) **Full Changelog**: aquasecurity/trivy-action@0.4.0...0.4.1 ### [`v0.4.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0) #### What's Changed ✨ - Enable security checks option for image type by [@​tanguy-platsec](https://togithub.com/tanguy-platsec) in [https://github.com/aquasecurity/trivy-action/pull/112](https://togithub.com/aquasecurity/trivy-action/pull/112) - Update Trivy Version in Dockerfile by [@​b34rd-tek](https://togithub.com/b34rd-tek) in [https://github.com/aquasecurity/trivy-action/pull/117](https://togithub.com/aquasecurity/trivy-action/pull/117) - Use AWS public ECR instead of rate-limiting dockerhub by [@​tanguy-platsec](https://togithub.com/tanguy-platsec) in [https://github.com/aquasecurity/trivy-action/pull/118](https://togithub.com/aquasecurity/trivy-action/pull/118) - Add support for --ignorefile option (.trivyignore) by [@​achton](https://togithub.com/achton) in [https://github.com/aquasecurity/trivy-action/pull/122](https://togithub.com/aquasecurity/trivy-action/pull/122) - Update tests for 0.28.1 and convert to JSON by [@​achton](https://togithub.com/achton) in [https://github.com/aquasecurity/trivy-action/pull/126](https://togithub.com/aquasecurity/trivy-action/pull/126) #### New Contributors ❤️ - [@​tanguy-platsec](https://togithub.com/tanguy-platsec) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/112](https://togithub.com/aquasecurity/trivy-action/pull/112) - [@​b34rd-tek](https://togithub.com/b34rd-tek) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/117](https://togithub.com/aquasecurity/trivy-action/pull/117) - [@​achton](https://togithub.com/achton) made their first contribution in [https://github.com/aquasecurity/trivy-action/pull/122](https://togithub.com/aquasecurity/trivy-action/pull/122) **Full Changelog**: aquasecurity/trivy-action@0.3.0...0.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/newrelic/helm-charts). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEzNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Curl in line 189 incorrectly provides credentials to the github dependency submission API.