Pin Trivy CLI to v0.69.3 to work around deleted release assets

Trivy releases v0.27.0-v0.69.1 were deleted as part of a supply chain attack on 2026-03-01 (aquasecurity/trivy#10265). Pin the CLI version explicitly so the action does not try to download missing assets.
2026-04-11 08:21:16 +02:00 · 2026-03-15 14:27:30 -05:00 · 2026-03-15 14:27:30 -05:00 · ecd624b2bb
commit ecd624b2bb
parent dab4b8137b
1 changed files with 1 additions and 0 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -96,6 +96,7 @@ jobs:
      uses: aquasecurity/trivy-action@0.33.1
      with:
        image-ref: 'ghcr.io/netbootxyz/netbootxyz:${{ env.TAG_SUFFIX }}'
+        version: 'v0.69.3'
        format: 'table'
        exit-code: ${{ env.IS_PR == 'true' && '1' || '0' }}
        ignore-unfixed: true