Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix github dependency submission API call #162

Merged
merged 3 commits into from
Aug 17, 2022
Merged

Conversation

chejn
Copy link
Contributor

@chejn chejn commented Aug 10, 2022

Curl in line 189 incorrectly provides credentials to the github dependency submission API.

@CLAassistant
Copy link

CLAassistant commented Aug 10, 2022

CLA assistant check
All committers have signed the CLA.

@simar7 simar7 self-requested a review August 15, 2022 18:10
@simar7
Copy link
Member

simar7 commented Aug 17, 2022

Curl in line 189 incorrectly provides credentials to the github dependency submission API.

hi @chejn - I recently tried to use the old way and it still worked. Have you tested the new way out? Just curious.

@michaelmworthington
Copy link

Hi @simar7 , I was having trouble getting this to work and was going to attempt the same change.

I was able to get this PR to post the dependency snapshot. I have tried a number of things and cannot get the official 0.7.0 to work. I am curious what you are using for github_pat_token and if you have explicitly set permissions in your action yml that differs from the example in the readme.

I'm happy to compare notes further, but for my configuration, I would +1 this change.

@chejn
Copy link
Contributor Author

chejn commented Aug 17, 2022

Curl in line 189 incorrectly provides credentials to the github dependency submission API.

hi @chejn - I recently tried to use the old way and it still worked. Have you tested the new way out? Just curious.

Hi Simar, yes i have tested this method using my fork and it works. Also i was never able to get it to work using the old changes.

@simar7
Copy link
Member

simar7 commented Aug 17, 2022

Hi @simar7 , I was having trouble getting this to work and was going to attempt the same change.

I was able to get this PR to post the dependency snapshot. I have tried a number of things and cannot get the official 0.7.0 to work. I am curious what you are using for github_pat_token and if you have explicitly set permissions in your action yml that differs from the example in the readme.

I'm happy to compare notes further, but for my configuration, I would +1 this change.

Thanks for chiming in @michaelmworthington – I took another look at it again. Here's what I got:

Current way:

GITHUB_REPOSITORY="org/repo"; curl -u "simar7:<token>" -H 'Content-Type: application/json' 'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./sbom.file
{
  "id": 363574,
  "created_at": "2022-08-17T21:47:11.457Z",
  "result": "SUCCESS",
  "message": "Dependency results for the repo have been successfully updated."
}

Proposed way:

curl -X POST -H "Accept: application/vnd.github+json" -H "Authorization: token <token>" "https://api.github.com/repos/org/repo/dependency-graph/snapshots" -d @./sbom.file
{
  "id": 363575,
  "created_at": "2022-08-17T21:49:50.196Z",
  "result": "SUCCESS",
  "message": "Dependency results for the repo have been successfully updated."
}

It seems that both work fine. My token only has repo scope set as mentioned in the docs. But I'm happy to update it to follow the API spec.

Copy link
Member

@simar7 simar7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@michaelmworthington
Copy link

michaelmworthington commented Aug 17, 2022

thanks for the info @simar7

i think i see my issue. i was using just my PAT for github-pat, i did not have my username in there.

i'm still coming up to speed on GH Actions, but in most situations I've come to prefer the automatically generated GITHUB_TOKEN over a PAT.

With this change, I think that means that the value for github-pat in the action yaml would need to change. if that's true, this is probably a breaking change for folks that have not pinned a version.

juanjjaramillo referenced this pull request in newrelic/helm-charts Jan 22, 2024
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action)
| action | minor | `0.3.0` -> `0.16.1` |
|
[aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action)
| action | minor | `0.6.2` -> `0.16.1` |

---

### Release Notes

<details>
<summary>aquasecurity/trivy-action (aquasecurity/trivy-action)</summary>

###
[`v0.16.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.16.0...0.16.1)

#### What's Changed

- Update Trivy to 0.48.1 by
[@&#8203;MartiUK](https://togithub.com/MartiUK) in
[https://github.com/aquasecurity/trivy-action/pull/291](https://togithub.com/aquasecurity/trivy-action/pull/291)
- docs: fix typo in README.md by
[@&#8203;hairmare](https://togithub.com/hairmare) in
[https://github.com/aquasecurity/trivy-action/pull/293](https://togithub.com/aquasecurity/trivy-action/pull/293)

#### New Contributors

- [@&#8203;MartiUK](https://togithub.com/MartiUK) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/291](https://togithub.com/aquasecurity/trivy-action/pull/291)
- [@&#8203;hairmare](https://togithub.com/hairmare) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/293](https://togithub.com/aquasecurity/trivy-action/pull/293)

**Full Changelog**:
aquasecurity/trivy-action@0.16.0...0.16.1

###
[`v0.16.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0)

##### What's Changed

- Update to trivy version 0.48.0 by
[@&#8203;pragmaticivan](https://togithub.com/pragmaticivan) in
[https://github.com/aquasecurity/trivy-action/pull/289](https://togithub.com/aquasecurity/trivy-action/pull/289)

##### New Contributors

- [@&#8203;pragmaticivan](https://togithub.com/pragmaticivan) made their
first contribution in
[https://github.com/aquasecurity/trivy-action/pull/289](https://togithub.com/aquasecurity/trivy-action/pull/289)

**Full Changelog**:
aquasecurity/trivy-action@0.15.0...0.16.0

###
[`v0.15.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.15.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.14.0...0.15.0)

##### What's Changed

- feature(config): add terraform variable files by
[@&#8203;kderck](https://togithub.com/kderck) in
[https://github.com/aquasecurity/trivy-action/pull/285](https://togithub.com/aquasecurity/trivy-action/pull/285)

**Full Changelog**:
aquasecurity/trivy-action@0.14.0...0.15.0

###
[`v0.14.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.14.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.1...0.14.0)

#### What's Changed

- fix: set return code after each Trivy call by
[@&#8203;LiamMacP](https://togithub.com/LiamMacP) in
[https://github.com/aquasecurity/trivy-action/pull/247](https://togithub.com/aquasecurity/trivy-action/pull/247)
- Update to `trivy` version `0.47.0` in Dockerfile by
[@&#8203;MPV](https://togithub.com/MPV) in
[https://github.com/aquasecurity/trivy-action/pull/280](https://togithub.com/aquasecurity/trivy-action/pull/280)
- feature: add filesystem alias by
[@&#8203;kderck](https://togithub.com/kderck) in
[https://github.com/aquasecurity/trivy-action/pull/269](https://togithub.com/aquasecurity/trivy-action/pull/269)

#### New Contributors

- [@&#8203;LiamMacP](https://togithub.com/LiamMacP) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/247](https://togithub.com/aquasecurity/trivy-action/pull/247)
- [@&#8203;MPV](https://togithub.com/MPV) made their first contribution
in
[https://github.com/aquasecurity/trivy-action/pull/280](https://togithub.com/aquasecurity/trivy-action/pull/280)
- [@&#8203;kderck](https://togithub.com/kderck) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/269](https://togithub.com/aquasecurity/trivy-action/pull/269)

**Full Changelog**:
aquasecurity/trivy-action@0.13.1...0.14.0

###
[`v0.13.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.0...0.13.1)

#### What's Changed

- Update Dockerfile to 0.46.1 by
[@&#8203;witoldsleczkowski](https://togithub.com/witoldsleczkowski) in
[https://github.com/aquasecurity/trivy-action/pull/277](https://togithub.com/aquasecurity/trivy-action/pull/277)

#### New Contributors

- [@&#8203;witoldsleczkowski](https://togithub.com/witoldsleczkowski)
made their first contribution in
[https://github.com/aquasecurity/trivy-action/pull/277](https://togithub.com/aquasecurity/trivy-action/pull/277)

**Full Changelog**:
aquasecurity/trivy-action@0.13.0...0.13.1

###
[`v0.13.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.12.0...0.13.0)

#### What's Changed

- fix: mark image-ref attribute optional by
[@&#8203;arxeiss](https://togithub.com/arxeiss) in
[https://github.com/aquasecurity/trivy-action/pull/261](https://togithub.com/aquasecurity/trivy-action/pull/261)
- Update Dockerfile to 0.46.0 by
[@&#8203;Cr0n1c](https://togithub.com/Cr0n1c) in
[https://github.com/aquasecurity/trivy-action/pull/274](https://togithub.com/aquasecurity/trivy-action/pull/274)

#### New Contributors

- [@&#8203;arxeiss](https://togithub.com/arxeiss) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/261](https://togithub.com/aquasecurity/trivy-action/pull/261)
- [@&#8203;Cr0n1c](https://togithub.com/Cr0n1c) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/274](https://togithub.com/aquasecurity/trivy-action/pull/274)

**Full Changelog**:
aquasecurity/trivy-action@0.12.0...0.13.0

###
[`v0.12.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.12.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.2...0.12.0)

##### What's Changed

- chore(deps): Update trivy to v0.43.1 by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/243](https://togithub.com/aquasecurity/trivy-action/pull/243)
- ci: add workflow to bump trivy by
[@&#8203;nikpivkin](https://togithub.com/nikpivkin) in
[https://github.com/aquasecurity/trivy-action/pull/245](https://togithub.com/aquasecurity/trivy-action/pull/245)
- Update README.md to change the example to the new default brach name …
by [@&#8203;jdsmithit](https://togithub.com/jdsmithit) in
[https://github.com/aquasecurity/trivy-action/pull/234](https://togithub.com/aquasecurity/trivy-action/pull/234)
- feat(trivy): Bump to v0.45.0 by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/256](https://togithub.com/aquasecurity/trivy-action/pull/256)

##### New Contributors

- [@&#8203;nikpivkin](https://togithub.com/nikpivkin) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/245](https://togithub.com/aquasecurity/trivy-action/pull/245)
- [@&#8203;jdsmithit](https://togithub.com/jdsmithit) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/234](https://togithub.com/aquasecurity/trivy-action/pull/234)

**Full Changelog**:
aquasecurity/trivy-action@0.11.2...0.12.0

###
[`v0.11.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.2)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.1...0.11.2)

**Full Changelog**:
aquasecurity/trivy-action@0.11.1...0.11.2

###
[`v0.11.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.0...0.11.1)

#### What's Changed

- bump trivy to v0.42.1 by
[@&#8203;danielchabr](https://togithub.com/danielchabr) in
[https://github.com/aquasecurity/trivy-action/pull/240](https://togithub.com/aquasecurity/trivy-action/pull/240)

**Full Changelog**:
aquasecurity/trivy-action@0.11.0...0.11.1

###
[`v0.11.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.10.0...0.11.0)

#### What's Changed

- Include args when using trivy config file by
[@&#8203;hermanwh](https://togithub.com/hermanwh) in
[https://github.com/aquasecurity/trivy-action/pull/231](https://togithub.com/aquasecurity/trivy-action/pull/231)
- bump trivy to v0.42.0 by
[@&#8203;danielchabr](https://togithub.com/danielchabr) in
[https://github.com/aquasecurity/trivy-action/pull/237](https://togithub.com/aquasecurity/trivy-action/pull/237)
- Enhance GitHub Dependency Snapshot upload by
[@&#8203;abriko](https://togithub.com/abriko) in
[https://github.com/aquasecurity/trivy-action/pull/233](https://togithub.com/aquasecurity/trivy-action/pull/233)
- feat: add exit-code parameter to sarif format by
[@&#8203;rogercoll](https://togithub.com/rogercoll) in
[https://github.com/aquasecurity/trivy-action/pull/213](https://togithub.com/aquasecurity/trivy-action/pull/213)

#### New Contributors

- [@&#8203;hermanwh](https://togithub.com/hermanwh) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/231](https://togithub.com/aquasecurity/trivy-action/pull/231)
- [@&#8203;danielchabr](https://togithub.com/danielchabr) made their
first contribution in
[https://github.com/aquasecurity/trivy-action/pull/237](https://togithub.com/aquasecurity/trivy-action/pull/237)
- [@&#8203;abriko](https://togithub.com/abriko) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/233](https://togithub.com/aquasecurity/trivy-action/pull/233)
- [@&#8203;rogercoll](https://togithub.com/rogercoll) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/213](https://togithub.com/aquasecurity/trivy-action/pull/213)

**Full Changelog**:
aquasecurity/trivy-action@0.10.0...0.11.0

###
[`v0.10.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.10.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.2...0.10.0)

#### What's Changed

- docs: improve SBOM documentation by
[@&#8203;saerosV](https://togithub.com/saerosV) in
[https://github.com/aquasecurity/trivy-action/pull/208](https://togithub.com/aquasecurity/trivy-action/pull/208)
- chore: Update Trivy to 0.40.0 by
[@&#8203;PerfectSlayer](https://togithub.com/PerfectSlayer) in
[https://github.com/aquasecurity/trivy-action/pull/223](https://togithub.com/aquasecurity/trivy-action/pull/223)

#### New Contributors

- [@&#8203;saerosV](https://togithub.com/saerosV) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/208](https://togithub.com/aquasecurity/trivy-action/pull/208)
- [@&#8203;PerfectSlayer](https://togithub.com/PerfectSlayer) made their
first contribution in
[https://github.com/aquasecurity/trivy-action/pull/223](https://togithub.com/aquasecurity/trivy-action/pull/223)

**Full Changelog**:
aquasecurity/trivy-action@0.9.2...0.10.0

###
[`v0.9.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.2)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.1...0.9.2)

#### What's Changed

- chore(deps): bump trivy to v0.38.1 by
[@&#8203;DmitriyLewen](https://togithub.com/DmitriyLewen) in
[https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215)
- Rename security-checks to scanners by
[@&#8203;sadovnikov](https://togithub.com/sadovnikov) in
[https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211)

#### New Contributors

- [@&#8203;DmitriyLewen](https://togithub.com/DmitriyLewen) made their
first contribution in
[https://github.com/aquasecurity/trivy-action/pull/215](https://togithub.com/aquasecurity/trivy-action/pull/215)
- [@&#8203;sadovnikov](https://togithub.com/sadovnikov) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/211](https://togithub.com/aquasecurity/trivy-action/pull/211)

**Full Changelog**:
aquasecurity/trivy-action@0.9.1...0.9.2

###
[`v0.9.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.0...0.9.1)

#### What's Changed

- ⬆️ bump trivy action by
[@&#8203;flaxel](https://togithub.com/flaxel) in
[https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203)

#### New Contributors

- [@&#8203;flaxel](https://togithub.com/flaxel) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/203](https://togithub.com/aquasecurity/trivy-action/pull/203)

**Full Changelog**:
aquasecurity/trivy-action@0.9.0...0.9.1

###
[`v0.9.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.8.0...0.9.0)

#### What's Changed

- fix(sarif): Add option to limit severities for sarif
([#&#8203;192](https://togithub.com/aquasecurity/trivy-action/issues/192))
by [@&#8203;AndreyLevchenko](https://togithub.com/AndreyLevchenko) in
[https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198)
- docs: add trivy-config to table by
[@&#8203;omarsilva1](https://togithub.com/omarsilva1) in
[https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195)
- Update README.md by [@&#8203;mcantu](https://togithub.com/mcantu) in
[https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186)
- feat(trivy): Bump Trivy to v0.37.1 by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/199](https://togithub.com/aquasecurity/trivy-action/pull/199)

#### New Contributors

- [@&#8203;AndreyLevchenko](https://togithub.com/AndreyLevchenko) made
their first contribution in
[https://github.com/aquasecurity/trivy-action/pull/198](https://togithub.com/aquasecurity/trivy-action/pull/198)
- [@&#8203;omarsilva1](https://togithub.com/omarsilva1) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/195](https://togithub.com/aquasecurity/trivy-action/pull/195)
- [@&#8203;mcantu](https://togithub.com/mcantu) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/186](https://togithub.com/aquasecurity/trivy-action/pull/186)

**Full Changelog**:
aquasecurity/trivy-action@0.8.0...0.9.0

###
[`v0.8.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.8.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0)

#### What's Changed

- Add npm to action Dockerfile by
[@&#8203;VaismanLior](https://togithub.com/VaismanLior) in
[https://github.com/aquasecurity/trivy-action/pull/176](https://togithub.com/aquasecurity/trivy-action/pull/176)
- Add 0.34.0 release by
[@&#8203;L1ghtman2k](https://togithub.com/L1ghtman2k) in
[https://github.com/aquasecurity/trivy-action/pull/177](https://togithub.com/aquasecurity/trivy-action/pull/177)

#### New Contributors

- [@&#8203;VaismanLior](https://togithub.com/VaismanLior) made their
first contribution in
[https://github.com/aquasecurity/trivy-action/pull/176](https://togithub.com/aquasecurity/trivy-action/pull/176)
- [@&#8203;L1ghtman2k](https://togithub.com/L1ghtman2k) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/177](https://togithub.com/aquasecurity/trivy-action/pull/177)

**Full Changelog**:
aquasecurity/trivy-action@0.7.1...0.8.0

###
[`v0.7.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1)

#### What's Changed

- Fix github dependency submission API call by
[@&#8203;chejn](https://togithub.com/chejn) in
[https://github.com/aquasecurity/trivy-action/pull/162](https://togithub.com/aquasecurity/trivy-action/pull/162)

#### New Contributors

- [@&#8203;chejn](https://togithub.com/chejn) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/162](https://togithub.com/aquasecurity/trivy-action/pull/162)

**Full Changelog**:
aquasecurity/trivy-action@0.7.0...0.7.1

###
[`v0.7.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.2...0.7.0)

#### What's Changed

- docs: correct format and add output on config scan with sarif by
[@&#8203;dirien](https://togithub.com/dirien) in
[https://github.com/aquasecurity/trivy-action/pull/159](https://togithub.com/aquasecurity/trivy-action/pull/159)
- feat(trivy): Bump Trivy to v0.31.2 by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/165](https://togithub.com/aquasecurity/trivy-action/pull/165)

#### New Contributors

- [@&#8203;dirien](https://togithub.com/dirien) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/159](https://togithub.com/aquasecurity/trivy-action/pull/159)

**Full Changelog**:
aquasecurity/trivy-action@0.6.2...0.7.0

###
[`v0.6.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.2)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.1...0.6.2)

#### What's Changed

- fix(config): Drop mixing of options with yaml config. by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/148](https://togithub.com/aquasecurity/trivy-action/pull/148)
- chore: improve message output sbom with gh by
[@&#8203;krol3](https://togithub.com/krol3) in
[https://github.com/aquasecurity/trivy-action/pull/145](https://togithub.com/aquasecurity/trivy-action/pull/145)
- fix(sarif): Add timeout and security-checks for sarif by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/156](https://togithub.com/aquasecurity/trivy-action/pull/156)

**Full Changelog**:
aquasecurity/trivy-action@0.6.1...0.6.2

###
[`v0.6.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1)

#### What's Changed

- chore(deps): Update trivy version by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/152](https://togithub.com/aquasecurity/trivy-action/pull/152)

**Full Changelog**:
aquasecurity/trivy-action@0.6.0...0.6.1

###
[`v0.6.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0)

#### What's Changed 🔥

- feat(yaml): Add support for trivy.yaml by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/143](https://togithub.com/aquasecurity/trivy-action/pull/143)
-   Updated to use Trivy v0.30.2

**Full Changelog**:
aquasecurity/trivy-action@0.5.1...0.6.0

###
[`v0.5.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.0...0.5.1)

#### What's Changed

- fix(tests): Update test golden files for Trivy v0.29.2 by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/136](https://togithub.com/aquasecurity/trivy-action/pull/136)
- docs(trivy): Add instructions to scan tarballs. by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/134](https://togithub.com/aquasecurity/trivy-action/pull/134)

**Full Changelog**:
aquasecurity/trivy-action@0.5.0...0.5.1

###
[`v0.5.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.1...0.5.0)

#### What's Changed ✨

- docs: added missing HTML template and removed deprecated SARIF
template by
[@&#8203;nleconte-csgroup](https://togithub.com/nleconte-csgroup) in
[https://github.com/aquasecurity/trivy-action/pull/132](https://togithub.com/aquasecurity/trivy-action/pull/132)
- feat(SBOM): Support SBOM generation by
[@&#8203;simar7](https://togithub.com/simar7) in
[https://github.com/aquasecurity/trivy-action/pull/129](https://togithub.com/aquasecurity/trivy-action/pull/129)

#### New Contributors ❤️

- [@&#8203;nleconte-csgroup](https://togithub.com/nleconte-csgroup) made
their first contribution in
[https://github.com/aquasecurity/trivy-action/pull/132](https://togithub.com/aquasecurity/trivy-action/pull/132)

**Full Changelog**:
aquasecurity/trivy-action@0.4.1...0.5.0

###
[`v0.4.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.1)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.0...0.4.1)

#### What's Changed

- feat: update codeql-action/upload-sarif to v2 by
[@&#8203;dotdc](https://togithub.com/dotdc) in
[https://github.com/aquasecurity/trivy-action/pull/124](https://togithub.com/aquasecurity/trivy-action/pull/124)
- Add missing option to README. by
[@&#8203;achton](https://togithub.com/achton) in
[https://github.com/aquasecurity/trivy-action/pull/127](https://togithub.com/aquasecurity/trivy-action/pull/127)
- chore: pinning 0.29.0 trivy by
[@&#8203;krol3](https://togithub.com/krol3) in
[https://github.com/aquasecurity/trivy-action/pull/128](https://togithub.com/aquasecurity/trivy-action/pull/128)

#### New Contributors

- [@&#8203;dotdc](https://togithub.com/dotdc) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/124](https://togithub.com/aquasecurity/trivy-action/pull/124)

**Full Changelog**:
aquasecurity/trivy-action@0.4.0...0.4.1

###
[`v0.4.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0)

#### What's Changed ✨

- Enable security checks option for image type by
[@&#8203;tanguy-platsec](https://togithub.com/tanguy-platsec) in
[https://github.com/aquasecurity/trivy-action/pull/112](https://togithub.com/aquasecurity/trivy-action/pull/112)
- Update Trivy Version in Dockerfile by
[@&#8203;b34rd-tek](https://togithub.com/b34rd-tek) in
[https://github.com/aquasecurity/trivy-action/pull/117](https://togithub.com/aquasecurity/trivy-action/pull/117)
- Use AWS public ECR instead of rate-limiting dockerhub by
[@&#8203;tanguy-platsec](https://togithub.com/tanguy-platsec) in
[https://github.com/aquasecurity/trivy-action/pull/118](https://togithub.com/aquasecurity/trivy-action/pull/118)
- Add support for --ignorefile option (.trivyignore) by
[@&#8203;achton](https://togithub.com/achton) in
[https://github.com/aquasecurity/trivy-action/pull/122](https://togithub.com/aquasecurity/trivy-action/pull/122)
- Update tests for 0.28.1 and convert to JSON by
[@&#8203;achton](https://togithub.com/achton) in
[https://github.com/aquasecurity/trivy-action/pull/126](https://togithub.com/aquasecurity/trivy-action/pull/126)

#### New Contributors ❤️

- [@&#8203;tanguy-platsec](https://togithub.com/tanguy-platsec) made
their first contribution in
[https://github.com/aquasecurity/trivy-action/pull/112](https://togithub.com/aquasecurity/trivy-action/pull/112)
- [@&#8203;b34rd-tek](https://togithub.com/b34rd-tek) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/117](https://togithub.com/aquasecurity/trivy-action/pull/117)
- [@&#8203;achton](https://togithub.com/achton) made their first
contribution in
[https://github.com/aquasecurity/trivy-action/pull/122](https://togithub.com/aquasecurity/trivy-action/pull/122)

**Full Changelog**:
aquasecurity/trivy-action@0.3.0...0.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/newrelic/helm-charts).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEzNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants