Update aquasecurity/trivy-action action to v0.18.0 #308

	name: Trivy scanner

	on:
	- push

	jobs:
	repository-scan:
	permissions:
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4.1.1

	- name: Run Trivy scanner on repository
	uses: aquasecurity/trivy-action@0.18.0
	with:
	scan-type: repo
	ignore-unfixed: true
	vuln-type: "os,library"
	severity: "MEDIUM,HIGH,CRITICAL"
	format: "sarif"
	output: "trivy-repository-scan.sarif"

	- name: Upload Trivy scan results to GitHub Security
	uses: github/codeql-action/upload-sarif@v3.24.5
	with:
	# Path to SARIF file relative to the root of the repository
	sarif_file: trivy-repository-scan.sarif
	# Optional category for the results
	# Used to differentiate multiple results for one commit
	category: repository-scan

Provide feedback