Merge branch 'main' into dependabot/npm_and_yarn/production-dependenc…

…ies-204cb0c257
defenseunicorns · Nov 6, 2024 · 4cf11f3 · 4cf11f3
2 parents 80e432b + 967d747
commit 4cf11f3
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/.github/workflows/container-scan.yaml b/.github/workflows/container-scan.yaml
@@ -31,13 +31,13 @@ jobs:
       - name: Build Pepr Controller Image
         run: npm run build:image
       - name: Vulnerability Scan
-        uses: anchore/scan-action@5ed195cc06065322983cae4bb31e2a751feb86fd # v5.2.0
+        uses: anchore/scan-action@f2ba85e044c8f5e5014c9a539328a9c78d3bfa49 # v5.2.1
         with:
           image: "pepr:dev"
           fail-build: true
           severity-cutoff: high
       - name: Generate SBOM
-        uses: anchore/sbom-action@251a468eed47e5082b105c3ba6ee500c0e65a764 # v0.17.6
+        uses: anchore/sbom-action@fc46e51fd3cb168ffb36c6d1915723c47db58abb # v0.17.7
         with:
           image: pepr:dev
           upload-artifact: true

diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
@@ -17,6 +17,6 @@ jobs:
       with:
         fetch-depth: 0
     - name: Default Secret Scanning
-      uses: trufflesecurity/trufflehog@5ca4a17a4c7a242046966b84cf9d7a53364971bc # main
+      uses: trufflesecurity/trufflehog@944d5dcdc2ba2aa70c2227d8e432d19eceda10be # main
       with:
         extra_args: --debug --no-verification # Warn on potential violations