From 3e6670f0a85cc8c14533d82024fd55ee001ae0f2 Mon Sep 17 00:00:00 2001
From: Paolo Sottovia <paolo.sottovia@canonical.com>
Date: Tue, 12 Nov 2024 13:13:49 +0000
Subject: [PATCH] Update trivy

---
 .github/workflows/trivy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 6be1abc9..e3963ac2 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -48,7 +48,7 @@ jobs:
             docker-archive:${{ steps.artifact.outputs.base_artifact_name }} \
             docker-daemon:trivy/charmed-spark:test
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           image-ref: 'trivy/charmed-spark:test'
           format: 'sarif'
@@ -63,7 +63,7 @@ jobs:
           ref: ${{ inputs.branch }}
 
       - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           scan-type: 'image'
           format: 'spdx-json'