⬆️ (deps): Update aquasecurity/trivy-action digest to 38623bf

.github/workflows/_.helm.lint.yaml

@@ -106,7 +106,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           format: sarif
           hide-progress: false
@@ -119,7 +119,7 @@ jobs:
           sarif_file: trivy-results.sarif
 
       # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           exit-code: '1'
           format: table

.github/workflows/_.images.build.yaml

@@ -209,7 +209,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           format: sarif
           hide-progress: false
@@ -222,7 +222,7 @@ jobs:
           sarif_file: trivy-results.sarif
 
       # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           exit-code: '1'
           format: table

.github/workflows/_.images.supply-chain.for-artifacts.yaml

@@ -33,7 +33,7 @@ jobs:
       - name: Extract OCI-Archive for Trivy
         run: "skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}"
 
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           input: trivy-${{ github.run_id }}
           format: cyclonedx
@@ -65,7 +65,7 @@ jobs:
       - name: Extract OCI-Archive for Trivy
         run: skopeo copy oci-archive:${{ inputs.artifact-ref }} oci:${{ github.workspace }}/trivy-${{ github.run_id }}
 
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           input: trivy-${{ github.run_id }}
           format: cosign-vuln
@@ -76,7 +76,7 @@ jobs:
           path: vulnerabilities.cosign-vuln.json
 
       # Upload SARIF report for GitHub CodeQL at the same time
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           input: trivy-${{ github.run_id }}
           format: sarif

.github/workflows/_.images.supply-chain.for-registry.yaml

@@ -24,7 +24,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           image-ref: ${{ inputs.image-ref }}
           format: cyclonedx
@@ -53,7 +53,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           image-ref: ${{ inputs.image-ref }}
           format: cosign-vuln
@@ -64,7 +64,7 @@ jobs:
         run: cosign attest --yes --replace --predicate vulnerabilities.cosign-vuln.json --type vuln "${{ inputs.image-ref }}"
 
       # Upload SARIF report for GitHub CodeQL at the same time
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           image-ref: ${{ inputs.image-ref }}
           format: sarif

.github/workflows/push.helm.release.yml

@@ -85,7 +85,7 @@ jobs:
         chart: ${{ fromJson(needs.list-changed-charts.outputs.charts) }}
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           format: sarif
           hide-progress: false
@@ -98,7 +98,7 @@ jobs:
           sarif_file: trivy-results.sarif
 
       # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           exit-code: '1'
           format: table

.github/workflows/workflow_dispatch.helm.release.yml

@@ -95,7 +95,7 @@ jobs:
         chart: ${{ fromJson(needs.list-all-charts.outputs.charts) }}
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           format: sarif
           hide-progress: false
@@ -108,7 +108,7 @@ jobs:
           sarif_file: trivy-results.sarif
 
       # NOTE: fail the build only if vulnerabilities with severity HIGH or CRITICAL are found
-      - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+      - uses: aquasecurity/trivy-action@38623bf26706d51c45647909dcfb669825442804 # 0.19.0
         with:
           exit-code: '1'
           format: table