From 2fd86e5f9d415846cb4f4c4aa02cc83c041b22cb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 21:53:00 +0000
Subject: [PATCH] github-actions(deps): bump anchore/scan-action

Bumps [anchore/scan-action](https://github.com/anchore/scan-action) from 3.3.6 to 3.5.0.
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/anchore/scan-action/compare/v3.3.6...v3.5.0)
---
updated-dependencies:
- dependency-name: anchore/scan-action
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 security-actions/scan-docker-image/action.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/security-actions/scan-docker-image/action.yml b/security-actions/scan-docker-image/action.yml
index 7aae0888..d5adcbd9 100644
--- a/security-actions/scan-docker-image/action.yml
+++ b/security-actions/scan-docker-image/action.yml
@@ -111,7 +111,7 @@ runs:
 # Don't fail during report generation
 - name: Vulnerability analysis of SBOM
- uses: anchore/scan-action@v3.3.6
+ uses: anchore/scan-action@v3.5.0
 id: grype_analysis_sarif
 if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
 with:
@@ -124,7 +124,7 @@ runs:
 # Don't fail during report generation
 # JSON format will report any ignored rules
 - name: Vulnerability analysis of SBOM
- uses: anchore/scan-action@v3.3.6
+ uses: anchore/scan-action@v3.5.0
 id: grype_analysis_json
 if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
 with:
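Review bot: The new `uses: anchore/scan-action@v3.5.0` line in the `grype_analysis_sarif` step references a tag, which the upstream repository can move, rather than a full commit SHA, so whatever the tag resolves to at run time is what executes inside this action; the same applies to the `grype_analysis_json` step and the "Inspect Vulnerability analysis of SBOM" step changed in the other two hunks. Pinning each as `uses: anchore/scan-action@<full-commit-sha-of-v3.5.0> # v3.5.0` keeps the version readable while making the reference immutable, and Dependabot can keep updating a SHA pin together with its version comment. Because these steps appear to produce the SARIF and JSON vulnerability reports, it is also worth reading the release notes linked in the commit message for changed defaults between 3.3.6 and 3.5.0 before merging. The `runs:` block starts and ends outside the hunks.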
@@ -195,7 +195,7 @@ runs:
 # Notify grype quick scan results in table format
 # Table format will supress any specified ignore rules
 - name: Inspect Vulnerability analysis of SBOM
- uses: anchore/scan-action@v3.3.6
+ uses: anchore/scan-action@v3.5.0
 if: ${{ steps.sbom_report.outputs.files_exists == 'true' }}
 with:
 sbom: ${{ steps.meta.outputs.sbom_spdx_file }}