2436b4e097
CI: move workflows/actions to actions ( #104711 )
...
* move workflows/actions to actions
* rerun actions
* fix setup-go v5
* unpinned unnecessary pins
* update CODEOWONERS
* update CODEOWONERS
* remove remove-milestone from codeowners
* remove bad key
2025-04-29 14:24:55 -05:00
97d10b5095
CI: remove unused worklow; use GITHUB_TOKEN where possible ( #104657 )
...
* remove unused worklow; use GITHUB_TOKEN where possible
* pin usages of checkout and setup-go
* Fix zizmor errors
* add zizmor.yml
* fix `changelog.yml`
* fix `core-plugins-build-and-release.yml`
* fix `release-comms.yml`
* update release-pr.yml and run-e2e-suite.yml
* Fix errors in files outside of .github/workflows
* Remove path filter on zizmor.yml
---------
Co-authored-by: Sven Grossmann <svennergr@gmail.com >
Co-authored-by: joshhunt <josh.hunt@grafana.com >
2025-04-29 10:09:23 -05:00
4fb7b47971
Trivy: Document Vulnerability Observability ( #99414 )
...
We use Vulnerability Observability for Docker images. The current comments say we simply don't scan them at all, so
let's make it clear for future readers that we do, in fact, scan Docker images, too.
2025-01-23 11:02:23 +01:00
a115d5db03
Bump aquasecurity/setup-trivy from 0.2.1 to 0.2.2 ( #95456 )
...
Bumps [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy ) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases )
- [Commits](https://github.com/aquasecurity/setup-trivy/compare/v0.2.1...v0.2.2 )
---
updated-dependencies:
- dependency-name: aquasecurity/setup-trivy
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-29 19:20:45 +00:00
0880329796
ci(trivy): Use non-default DB registry to avoid rate limits ( #95434 )
...
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
2024-10-25 22:12:41 +03:00
25e85f8947
ci: Update trivy action to run on action updates ( #95096 )
...
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
2024-10-22 10:00:47 -04:00
a52d0ca5a6
Bump aquasecurity/trivy-action from 0.24.0 to 0.28.0 ( #94787 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.24.0 to 0.28.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.24.0...0.28.0 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-17 18:12:31 +00:00
1c5ed0da4d
Bump aquasecurity/trivy-action from 0.22.0 to 0.24.0 ( #90254 )
...
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action ) from 0.22.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases )
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.24.0 )
---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-19 23:20:53 +00:00
1cc58d19f5
ci: Only run vuln scanner when Go deps are updated ( #89433 )
...
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
2024-06-20 09:07:15 -04:00
ee8a549fdd
CI: Add Trivy GitHub Action ( #88987 )
...
* CI: Add Trivy GitHub Action
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
* Remove obsolete Snyk workflow
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
---------
Signed-off-by: Dave Henderson <dave.henderson@grafana.com >
2024-06-10 16:53:48 -04:00
Kevin Minehart
Mariell Hoversholm
dependabot[bot]
Dave Henderson