Pin trivy-action to SHA instead of mutable @master (#689)

Author: anneschuth

.github/workflows/build-reusable.yml

@@ -100,7 +100,7 @@ jobs:
           MATTERMOST_USERNAME: ${{ github.triggering_actor }}
 
       - name: Run Trivy vulnerability scanner sarif
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
           scan-type: image
@@ -117,7 +117,7 @@ jobs:
           sarif_file: "trivy-results.sarif"
 
       - name: Run Trivy SBOM
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
           scan-type: image
@@ -130,7 +130,7 @@ jobs:
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Run Trivy license scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           image-ref: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
           scan-type: image

.github/workflows/ci.yml

@@ -70,7 +70,7 @@ jobs:
         run: poetry run liccheck -s pyproject.toml
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
         with:
           trivy-config: trivy.yaml
           scan-type: fs