public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
57,606 Commits 655 Branches 650 Tags
c8f810b422d4a7213fbf64990a5e2ef9faac7ffd
Commit Graph

8 Commits

Author SHA1 Message Date
Mariell Hoversholm 4fb7b47971 Trivy: Document Vulnerability Observability (#99414) 
We use Vulnerability Observability for Docker images. The current comments say we simply don't scan them at all, so
let's make it clear for future readers that we do, in fact, scan Docker images, too.
 2025-01-23 11:02:23 +01:00
dependabot[bot] a115d5db03 Bump aquasecurity/setup-trivy from 0.2.1 to 0.2.2 (#95456) 
Bumps [aquasecurity/setup-trivy](https://github.com/aquasecurity/setup-trivy) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/aquasecurity/setup-trivy/releases)
- [Commits](https://github.com/aquasecurity/setup-trivy/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: aquasecurity/setup-trivy
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-29 19:20:45 +00:00
Dave Henderson 0880329796 ci(trivy): Use non-default DB registry to avoid rate limits (#95434) 
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
 2024-10-25 22:12:41 +03:00
Dave Henderson 25e85f8947 ci: Update trivy action to run on action updates (#95096) 
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
 2024-10-22 10:00:47 -04:00
dependabot[bot] a52d0ca5a6 Bump aquasecurity/trivy-action from 0.24.0 to 0.28.0 (#94787) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.28.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.24.0...0.28.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-10-17 18:12:31 +00:00
dependabot[bot] 1c5ed0da4d Bump aquasecurity/trivy-action from 0.22.0 to 0.24.0 (#90254) 
Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.22.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.22.0...0.24.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2024-07-19 23:20:53 +00:00
Dave Henderson 1cc58d19f5 ci: Only run vuln scanner when Go deps are updated (#89433) 
Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
 2024-06-20 09:07:15 -04:00
Dave Henderson ee8a549fdd CI: Add Trivy GitHub Action (#88987) 
* CI: Add Trivy GitHub Action

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

* Remove obsolete Snyk workflow

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>

---------

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
 2024-06-10 16:53:48 -04:00