From 91922103b44f0a71f5a20bd4420dc8fa2fe65023 Mon Sep 17 00:00:00 2001
From: Xun Jiang
Date: Fri, 27 Mar 2026 16:09:53 +0800
Subject: [PATCH] Update the trivy-action version from main to specific tag to fix supply chain attack https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/
Signed-off-by: Xun Jiang
---
 .github/workflows/nightly-trivy-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nightly-trivy-scan.yml b/.github/workflows/nightly-trivy-scan.yml
index 0f5fe0a68..85ce3cdc5 100644
--- a/.github/workflows/nightly-trivy-scan.yml
+++ b/.github/workflows/nightly-trivy-scan.yml
@@ -22,7 +22,7 @@ jobs:
 uses: actions/checkout@v6
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
 with:
 image-ref: 'docker.io/velero/${{ matrix.images }}:${{ matrix.versions }}'
 severity: 'CRITICAL,HIGH,MEDIUM'
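Review bot: The new `uses:` line pins a bare 40-hex SHA with no version comment, so a reviewer cannot tell which trivy-action release it corresponds to and Dependabot/Renovate cannot track it for updates; write it as `uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # <release tag placeholder>` with the tag the SHA was verified against. The unchanged `uses: actions/checkout@v6` context line just above is still a mutable tag and is exposed to the same class of tag-retargeting risk, so it deserves the same SHA pin. Pinning the action source does not pin the Trivy binary or vulnerability database the action fetches at run time; if the step sets the action's `version` input further down (the rest of the step is outside this hunk, and the step list begins before it), pinning that value closes the remaining gap. The commit subject describes the move as "from main to specific tag", while the hunk replaces `@master` with a commit SHA; matching the subject to the actual change will help anyone auditing the pin later.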