chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 by dependabot[bot] · Pull Request #23191 · goharbor/harbor

dependabot · 2026-05-04T13:51:11Z

Bumps aquasecurity/trivy-action from 0.35.0 to 0.36.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in aquasecurity/trivy-action#546

ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in aquasecurity/trivy-action#552

ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in aquasecurity/trivy-action#550

test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in aquasecurity/trivy-action#555

ci: add dependabot config by @nikpivkin in aquasecurity/trivy-action#556

chore: add zizmor config by @nikpivkin in aquasecurity/trivy-action#557

chore(deps): bump the actions group with 5 updates by @dependabot[bot] in aquasecurity/trivy-action#558

fix: use portable shebang in entrypoint.sh by @Hayao0819 in aquasecurity/trivy-action#545

Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in aquasecurity/trivy-action#547

Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in aquasecurity/trivy-action#548

chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in aquasecurity/trivy-action#561

chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in aquasecurity/trivy-action#559

chore: update action version to v0.36.0 in examples by @nikpivkin in aquasecurity/trivy-action#563

New Contributors

@dependabot[bot] made their first contribution in aquasecurity/trivy-action#558

@Hayao0819 made their first contribution in aquasecurity/trivy-action#545

@patrik-csak made their first contribution in aquasecurity/trivy-action#547

@Aditya09-cse made their first contribution in aquasecurity/trivy-action#548

@Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits

ed142fd chore: update action version to v0.36.0 in examples (#563)
dea62cf chore(deps): Update trivy to v0.70.0 (#559)
128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
4a2deec fix: use portable shebang in entrypoint.sh (#545)
1994662 chore(deps): bump the actions group with 5 updates (#558)
6b36659 chore: add zizmor config (#557)
316aa5a ci: add dependabot config (#556)
264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
Additional commits viewable in compare view

chlins

lgtm

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.35.0 to 0.36.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot assigned OrlinVasilev May 4, 2026

dependabot Bot requested a review from a team as a code owner May 4, 2026 13:51

dependabot Bot added the release-note/infra Infra related changes e.g. release, test, ship etc... label May 4, 2026

github-actions Bot assigned chlins and stonezdj May 4, 2026

chlins approved these changes May 6, 2026

View reviewed changes

chlins enabled auto-merge (squash) May 6, 2026 05:19

dependabot Bot force-pushed the dependabot/github_actions/aquasecurity/trivy-action-0.36.0 branch 2 times, most recently from a036fb2 to 9824da7 Compare May 18, 2026 08:25

dependabot Bot force-pushed the dependabot/github_actions/aquasecurity/trivy-action-0.36.0 branch from 9824da7 to 9e3aa88 Compare May 18, 2026 10:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#23191

chore(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0#23191
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/aquasecurity/trivy-action-0.36.0

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading

Uh oh!

chlins left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

dependabot Bot commented on behalf of github May 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v0.36.0

What's Changed

New Contributors

Uh oh!

chlins left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

dependabot Bot commented on behalf of github May 4, 2026 •

edited

Loading