chore(deps): bump dompurify from 3.0.7 to 3.1.7 #1457

Workflow file for this run

.github/workflows/security_scan.yml at c9de6da

	name: Trivy Security Scan

	on:
	push:
	workflow_dispatch:

	jobs:
	security_scan_rootfs:
	name: security_scan_rootfs
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Run static analysis (rootfs)
	uses: aquasecurity/trivy-action@0.26.0
	env:
	#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	with:
	scan-type: "rootfs"
	scanners: "vuln,misconfig"
	ignore-unfixed: true
	format: "sarif"
	output: "trivy-results-rootfs.sarif"
	severity: "CRITICAL,HIGH"
	security_scan_repo:
	name: security_scan_repo
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: Run static analysis (repo)
	uses: aquasecurity/trivy-action@0.26.0
	env:
	#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	with:
	scan-type: "repo"
	scanners: "vuln,misconfig"
	ignore-unfixed: true
	format: "sarif"
	output: "trivy-results-repo.sarif"
	severity: "CRITICAL,HIGH"
	- name: Upload Trivy scan results to GitHub Security tab (repo)
	uses: github/codeql-action/upload-sarif@v2
	continue-on-error: true
	with:
	sarif_file: "trivy-results-repo.sarif"
	category: "code"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump dompurify from 3.0.7 to 3.1.7 #1457

Workflow file

chore(deps): bump dompurify from 3.0.7 to 3.1.7 #1457

Jobs

Run details

Workflow file for this run