From cdbb2b9c705229a48b19d653e8f16d0572d54fd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gonzalo=20Su=C3=A1rez=20Losada?=
Date: Thu, 26 Mar 2026 13:00:18 +0100
Subject: [PATCH] fix: fixed trivys version to v0.35.0 (secure one) and added version checking against hash

---
 security/trivy/action.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/security/trivy/action.yml b/security/trivy/action.yml
index 4cee35f..6748198 100644
--- a/security/trivy/action.yml
+++ b/security/trivy/action.yml
@@ -12,8 +12,12 @@ inputs:
 runs:
 using: "composite"
 steps:
+ - name: Verify Trivy action version
+ run: |
+ git ls-remote https://github.com/aquasecurity/trivy-action refs/tags/v0.35.0 | grep 57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+ shell: bash
 - name: Run Trivy scan
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@v0.35.0
 with:
 scan-type: ${{ inputs.scanning-image == 'true' && 'image' || 'fs' }}
 scan-ref: ${{ inputs.scan-ref }}
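Review bot: The added `Verify Trivy action version` step does not bind the code that actually runs, because `uses: aquasecurity/trivy-action@v0.35.0` still resolves the mutable tag on its own, separately from the `git ls-remote` lookup. The runner may also have fetched the action before this step executes (worth confirming for composite actions), so a tag moved between the two lookups would go unnoticed. Pinning the reference itself closes that gap and removes the extra network call: `uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0`, provided that hash is confirmed to be the commit SHA. For an annotated tag, `git ls-remote` on `refs/tags/v0.35.0` prints the tag object id, not the commit id, so the value should be checked before it is reused as a pin. The `with:` block of the scan step continues past the end of the hunk.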