This is an automated email from the ASF dual-hosted git repository. payang pushed a commit to branch 4.2 in repository https://gitbox.apache.org/repos/asf/kafka.git
commit c94a8b605589c6ab6617029490f506462896e49d Author: PoAn Yang <[email protected]> AuthorDate: Sun Apr 12 23:42:08 2026 +0900 MINOR: Change trivy action (#22024) Change to use approved pattern in infrastructure actions. https://github.com/apache/infrastructure-actions/blob/75f430702f46fc5b4a71efc23a1ce8d72e11ba61/approved_patterns.yml#L211 Reviewers: Ryan Huang <[email protected]>, Ken Huang <[email protected]>, Chia-Ping Tsai <[email protected]> --------- Signed-off-by: PoAn Yang <[email protected]> (cherry picked from commit eb6ce0e3d9c22ea1c34ecca293555f9fcad17981)
---
 .github/workflows/docker_build_and_test.yml | 2 +-
 .github/workflows/docker_official_image_build_and_test.yml | 2 +-
 .github/workflows/docker_scan.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/docker_build_and_test.yml b/.github/workflows/docker_build_and_test.yml
index 8358f10433a..d0ae6243105 100644
--- a/.github/workflows/docker_build_and_test.yml
+++ b/.github/workflows/docker_build_and_test.yml
@@ -54,7 +54,7 @@ jobs:
 run: |
 python docker_build_test.py kafka/test -tag=test -type=$IMAGE_TYPE -u=$KAFKA_URL
 - name: Run CVE scan
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+ uses: lhotari/sandboxed-trivy-action@555963036b2012b44c1071508a236e569db28ebb # v1.0.1
 with:
 image-ref: 'kafka/test:test'
 format: 'table'
diff --git a/.github/workflows/docker_official_image_build_and_test.yml b/.github/workflows/docker_official_image_build_and_test.yml
index 1c67ef58472..a11f6b03917 100644
--- a/.github/workflows/docker_official_image_build_and_test.yml
+++ b/.github/workflows/docker_official_image_build_and_test.yml
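Review bot: The `with:` inputs of the `Run CVE scan` step (`image-ref`, `format`, and whatever follows outside the hunk) are now passed to a different action, and GitHub Actions only warns about inputs an action does not declare, so an option the replacement does not accept would silently fall back to its default instead of failing the job. Before relying on the scan result, check the replacement's `action.yml` at the pinned commit and confirm every input used here is declared, especially any that gate the outcome such as a `severity` or `exit-code` setting if the step sets one. The same applies to the identical change in docker_official_image_build_and_test.yml and docker_scan.yml. Keeping the full-SHA pin is right; a comment above the `uses:` line such as `# sandboxed wrapper from the ASF infrastructure-actions allowlist (approved_patterns.yml)` would record why a non-vendor action is used, and the `# v1.0.1` label should be verified against that commit since nothing enforces it.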
@@ -53,7 +53,7 @@ jobs:
 run: |
 python docker_official_image_build_test.py kafka/test -tag=test -type=$IMAGE_TYPE -v=$KAFKA_VERSION
 - name: Run CVE scan
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+ uses: lhotari/sandboxed-trivy-action@555963036b2012b44c1071508a236e569db28ebb # v1.0.1
 with:
 image-ref: 'kafka/test:test'
 format: 'table'
diff --git a/.github/workflows/docker_scan.yml b/.github/workflows/docker_scan.yml
index 30f9b814b51..97cc4f59921 100644
--- a/.github/workflows/docker_scan.yml
+++ b/.github/workflows/docker_scan.yml
@@ -29,7 +29,7 @@ jobs:
 supported_image_tag: ['latest', '3.9.1', '4.0.1', '4.1.1']
 steps:
 - name: Run CVE scan
- uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
+ uses: lhotari/sandboxed-trivy-action@555963036b2012b44c1071508a236e569db28ebb # v1.0.1
 if: always()
 with:
 image-ref: apache/kafka:${{ matrix.supported_image_tag }}
