Chris Lu 43f5916a1d
ci: add Trivy CVE scan to container release workflow ( #8820 ) ...
* ci: add Trivy CVE scan to container release workflow
* ci: pin trivy-action version and fail on HIGH/CRITICAL CVEs
Address review feedback:
- Pin aquasecurity/trivy-action to v0.28.0 instead of @master
- Add exit-code: '1' so the scan fails the job on findings
- Add comment explaining why only amd64 is scanned
* ci: pin trivy-action to SHA for v0.35.0
Tags ≤0.34.2 were compromised (GHSA-69fq-xp46-6x23). Pin to the full
commit SHA of v0.35.0 to avoid mutable tag risks.
2026-03-28 21:10:57 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-23 10:50:22 -07:00
2026-03-09 11:33:38 -07:00
2026-03-28 21:10:57 -07:00
2026-03-16 10:46:36 -07:00
2026-03-16 10:46:36 -07:00
2026-03-23 10:50:22 -07:00
2026-03-09 17:29:53 -07:00
2026-03-23 10:50:22 -07:00
2026-03-10 13:31:45 -07:00
2026-03-09 23:10:27 -07:00
2026-03-09 14:05:39 -07:00
2026-03-25 20:06:34 -07:00
2026-03-10 13:31:45 -07:00
2026-03-23 10:50:22 -07:00
2026-03-19 05:50:15 -07:00
2026-02-16 13:59:13 -08:00
2026-03-02 10:27:57 -08:00
2026-03-09 23:10:27 -07:00
2026-03-09 23:10:27 -07:00
2026-03-26 14:07:01 -07:00
2026-03-10 13:31:45 -07:00
2026-02-25 22:11:41 -08:00
2026-03-09 23:10:27 -07:00
2026-03-26 17:24:35 -07:00
2026-03-26 17:24:35 -07:00
2026-03-26 17:24:35 -07:00
2026-03-21 19:31:56 -07:00
2026-03-02 10:27:57 -08:00
2026-03-02 10:27:57 -08:00
2026-03-09 11:54:32 -07:00
2026-03-02 10:27:57 -08:00
2026-03-28 20:17:20 -07:00
2026-03-09 23:10:27 -07:00
2026-03-02 10:27:57 -08:00
2026-03-09 11:12:56 -07:00
2026-03-21 19:31:56 -07:00
2026-03-02 10:27:57 -08:00
2026-03-09 11:12:56 -07:00
2025-12-06 21:59:00 -08:00
2026-03-10 13:31:45 -07:00
2026-03-23 09:16:38 -07:00
2026-03-20 22:15:05 -07:00
2026-03-09 23:10:27 -07:00
2026-03-26 14:06:21 -07:00
2026-03-10 13:31:45 -07:00
43f5916a1d