From f75858d7d5c1feea3d91cb3ecefb5afb1db32d4a Mon Sep 17 00:00:00 2001
From: Sergei Maertens <sergei@maykinmedia.nl>
Date: Fri, 11 Oct 2024 10:47:10 +0200
Subject: [PATCH] :pushpin: Pin trivy-action to 0.24.0

To resolve the file path errors, see also aquasecurity/trivy-action#404
---
 .github/workflows/ci.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e1fed35bb1..440846fa86 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -421,10 +421,14 @@ jobs:
         with:
           name: docker-image-all-extensions-${{ needs.docker_build_setup.outputs.version }}
 
+      - run: |
+          pwd
+          ls
+
       - name: Scan image with Trivy
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.27.0
         with:
-          input: /github/workspace/image.tar  # from download-artifact
+          input: ${{ github.workspace }}/image.tar  # from download-artifact
           format: 'sarif'
           output: 'trivy-results-docker.sarif'
           ignore-unfixed: true