This is an automated email from the ASF dual-hosted git repository.

mmerli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new 2394bb10a87 [improve][ci] Replace trivy-action with 
sandboxed-trivy-action (#25480)
2394bb10a87 is described below

commit 2394bb10a874c65207d1cc68cff0b8e882e0faf8
Author: Lari Hotari <[email protected]>
AuthorDate: Tue Apr 7 18:27:59 2026 +0300

    [improve][ci] Replace trivy-action with sandboxed-trivy-action (#25480)
---
 .github/workflows/pulsar-ci.yaml | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml
index 6b18ba54a88..7a835dc0a53 100644
--- a/.github/workflows/pulsar-ci.yaml
+++ b/.github/workflows/pulsar-ci.yaml
@@ -658,25 +658,26 @@ jobs:
           src/check-binary-license.sh 
./distribution/server/build/distributions/apache-pulsar-*-bin.tar.gz
           src/check-binary-license.sh 
./distribution/shell/build/distributions/apache-pulsar-shell-*-bin.tar.gz
 
-#      - name: Run Trivy container scan
-#        id: trivy_scan
-#        uses: aquasecurity/[email protected]
-#        if: ${{ github.repository == 'apache/pulsar' && github.event_name != 
'pull_request' }}
-#        continue-on-error: true
-#        with:
-#          image-ref: "apachepulsar/pulsar:latest"
-#          scanners: vuln
-#          severity: CRITICAL,HIGH,MEDIUM,LOW
-#          limit-severities-for-sarif: true
-#          format: 'sarif'
-#          output: 'trivy-results.sarif'
-#
-#      - name: Upload Trivy scan results to GitHub Security tab
-#        uses: github/codeql-action/upload-sarif@v3
-#        if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 
'apache/pulsar' && github.event_name != 'pull_request' }}
-#        continue-on-error: true
-#        with:
-#          sarif_file: 'trivy-results.sarif'
+      - name: Run Trivy container scan
+        id: trivy_scan
+        uses: 
lhotari/sandboxed-trivy-action@555963036b2012b44c1071508a236e569db28ebb
+        if: ${{ github.repository == 'apache/pulsar' && github.event_name != 
'pull_request' }}
+        continue-on-error: true
+        with:
+          scan-type: 'image'
+          scan-ref: "apachepulsar/pulsar:latest"
+          scanners: vuln
+          severity: CRITICAL,HIGH,MEDIUM,LOW
+          limit-severities-for-sarif: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v4
+        if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 
'apache/pulsar' && github.event_name != 'pull_request' }}
+        continue-on-error: true
+        with:
+          sarif_file: 'trivy-results.sarif'
 
       - name: Save docker image to file
         run: |
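Review bot: The `uses:` line pins `lhotari/sandboxed-trivy-action` to a bare commit SHA with no trailing version comment, so a reader cannot tell which release the pin corresponds to and Dependabot/Renovate cannot offer bumps; `uses: lhotari/sandboxed-trivy-action@555963036b2012b44c1071508a236e569db28ebb # <release tag: placeholder>` covers both. The SHA pin is the right discipline for a third-party action hosted under a personal account rather than the org, and it is worth applying the same treatment to `github/codeql-action/upload-sarif@v4` in the same hunk, which is a mutable tag and now the only unpinned reference of the pair. Because both steps carry `continue-on-error: true` and the upload is gated on `steps.trivy_scan.outcome == 'success'`, a scanner or upload failure (for instance if the job's permissions do not grant `security-events: write`, which upload-sarif requires; the permissions block is outside this hunk) produces no signal at all, so a comment above the step such as `# best-effort: failures here are swallowed; upload needs security-events: write` would document the intended behaviour. The enclosing job definition starts before the hunk.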
