Fix github dependency submission API call #162
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
hi @chejn - I recently tried to use the old way and it still worked. Have you tested the new way out? Just curious. |
|
Hi @simar7 , I was having trouble getting this to work and was going to attempt the same change. I was able to get this PR to post the dependency snapshot. I have tried a number of things and cannot get the official 0.7.0 to work. I am curious what you are using for github_pat_token and if you have explicitly set permissions in your action yml that differs from the example in the readme. I'm happy to compare notes further, but for my configuration, I would +1 this change. |
Hi Simar, yes i have tested this method using my fork and it works. Also i was never able to get it to work using the old changes. |
Thanks for chiming in @michaelmworthington – I took another look at it again. Here's what I got: Current way: Proposed way: It seems that both work fine. My token only has |
|
thanks for the info @simar7 i think i see my issue. i was using just my PAT for github-pat, i did not have my username in there. i'm still coming up to speed on GH Actions, but in most situations I've come to prefer the automatically generated GITHUB_TOKEN over a PAT. With this change, I think that means that the value for |
juanjjaramillo
pushed a commit
to newrelic/helm-charts
that referenced
this pull request
Jan 22, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action) | action | minor | `0.3.0` -> `0.16.1` | | [aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action) | action | minor | `0.6.2` -> `0.16.1` | --- ### Release Notes <details> <summary>aquasecurity/trivy-action (aquasecurity/trivy-action)</summary> ### [`v0.16.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.16.0...0.16.1) #### What's Changed - Update Trivy to 0.48.1 by [@​MartiUK](https://togithub.com/MartiUK) in [aquasecurity/trivy-action#291 - docs: fix typo in README.md by [@​hairmare](https://togithub.com/hairmare) in [aquasecurity/trivy-action#293 #### New Contributors - [@​MartiUK](https://togithub.com/MartiUK) made their first contribution in [aquasecurity/trivy-action#291 - [@​hairmare](https://togithub.com/hairmare) made their first contribution in [aquasecurity/trivy-action#293 **Full Changelog**: aquasecurity/trivy-action@0.16.0...0.16.1 ### [`v0.16.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.16.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.15.0...0.16.0) ##### What's Changed - Update to trivy version 0.48.0 by [@​pragmaticivan](https://togithub.com/pragmaticivan) in [aquasecurity/trivy-action#289 ##### New Contributors - [@​pragmaticivan](https://togithub.com/pragmaticivan) made their first contribution in [aquasecurity/trivy-action#289 **Full Changelog**: aquasecurity/trivy-action@0.15.0...0.16.0 ### [`v0.15.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.15.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.14.0...0.15.0) ##### What's Changed - feature(config): add terraform variable files by [@​kderck](https://togithub.com/kderck) in [aquasecurity/trivy-action#285 **Full Changelog**: aquasecurity/trivy-action@0.14.0...0.15.0 ### [`v0.14.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.14.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.1...0.14.0) #### What's Changed - fix: set return code after each Trivy call by [@​LiamMacP](https://togithub.com/LiamMacP) in [aquasecurity/trivy-action#247 - Update to `trivy` version `0.47.0` in Dockerfile by [@​MPV](https://togithub.com/MPV) in [aquasecurity/trivy-action#280 - feature: add filesystem alias by [@​kderck](https://togithub.com/kderck) in [aquasecurity/trivy-action#269 #### New Contributors - [@​LiamMacP](https://togithub.com/LiamMacP) made their first contribution in [aquasecurity/trivy-action#247 - [@​MPV](https://togithub.com/MPV) made their first contribution in [aquasecurity/trivy-action#280 - [@​kderck](https://togithub.com/kderck) made their first contribution in [aquasecurity/trivy-action#269 **Full Changelog**: aquasecurity/trivy-action@0.13.1...0.14.0 ### [`v0.13.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.13.0...0.13.1) #### What's Changed - Update Dockerfile to 0.46.1 by [@​witoldsleczkowski](https://togithub.com/witoldsleczkowski) in [aquasecurity/trivy-action#277 #### New Contributors - [@​witoldsleczkowski](https://togithub.com/witoldsleczkowski) made their first contribution in [aquasecurity/trivy-action#277 **Full Changelog**: aquasecurity/trivy-action@0.13.0...0.13.1 ### [`v0.13.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.13.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.12.0...0.13.0) #### What's Changed - fix: mark image-ref attribute optional by [@​arxeiss](https://togithub.com/arxeiss) in [aquasecurity/trivy-action#261 - Update Dockerfile to 0.46.0 by [@​Cr0n1c](https://togithub.com/Cr0n1c) in [aquasecurity/trivy-action#274 #### New Contributors - [@​arxeiss](https://togithub.com/arxeiss) made their first contribution in [aquasecurity/trivy-action#261 - [@​Cr0n1c](https://togithub.com/Cr0n1c) made their first contribution in [aquasecurity/trivy-action#274 **Full Changelog**: aquasecurity/trivy-action@0.12.0...0.13.0 ### [`v0.12.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.12.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.2...0.12.0) ##### What's Changed - chore(deps): Update trivy to v0.43.1 by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#243 - ci: add workflow to bump trivy by [@​nikpivkin](https://togithub.com/nikpivkin) in [aquasecurity/trivy-action#245 - Update README.md to change the example to the new default brach name … by [@​jdsmithit](https://togithub.com/jdsmithit) in [aquasecurity/trivy-action#234 - feat(trivy): Bump to v0.45.0 by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#256 ##### New Contributors - [@​nikpivkin](https://togithub.com/nikpivkin) made their first contribution in [aquasecurity/trivy-action#245 - [@​jdsmithit](https://togithub.com/jdsmithit) made their first contribution in [aquasecurity/trivy-action#234 **Full Changelog**: aquasecurity/trivy-action@0.11.2...0.12.0 ### [`v0.11.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.1...0.11.2) **Full Changelog**: aquasecurity/trivy-action@0.11.1...0.11.2 ### [`v0.11.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.11.0...0.11.1) #### What's Changed - bump trivy to v0.42.1 by [@​danielchabr](https://togithub.com/danielchabr) in [aquasecurity/trivy-action#240 **Full Changelog**: aquasecurity/trivy-action@0.11.0...0.11.1 ### [`v0.11.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.11.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.10.0...0.11.0) #### What's Changed - Include args when using trivy config file by [@​hermanwh](https://togithub.com/hermanwh) in [aquasecurity/trivy-action#231 - bump trivy to v0.42.0 by [@​danielchabr](https://togithub.com/danielchabr) in [aquasecurity/trivy-action#237 - Enhance GitHub Dependency Snapshot upload by [@​abriko](https://togithub.com/abriko) in [aquasecurity/trivy-action#233 - feat: add exit-code parameter to sarif format by [@​rogercoll](https://togithub.com/rogercoll) in [aquasecurity/trivy-action#213 #### New Contributors - [@​hermanwh](https://togithub.com/hermanwh) made their first contribution in [aquasecurity/trivy-action#231 - [@​danielchabr](https://togithub.com/danielchabr) made their first contribution in [aquasecurity/trivy-action#237 - [@​abriko](https://togithub.com/abriko) made their first contribution in [aquasecurity/trivy-action#233 - [@​rogercoll](https://togithub.com/rogercoll) made their first contribution in [aquasecurity/trivy-action#213 **Full Changelog**: aquasecurity/trivy-action@0.10.0...0.11.0 ### [`v0.10.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.10.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.2...0.10.0) #### What's Changed - docs: improve SBOM documentation by [@​saerosV](https://togithub.com/saerosV) in [aquasecurity/trivy-action#208 - chore: Update Trivy to 0.40.0 by [@​PerfectSlayer](https://togithub.com/PerfectSlayer) in [aquasecurity/trivy-action#223 #### New Contributors - [@​saerosV](https://togithub.com/saerosV) made their first contribution in [aquasecurity/trivy-action#208 - [@​PerfectSlayer](https://togithub.com/PerfectSlayer) made their first contribution in [aquasecurity/trivy-action#223 **Full Changelog**: aquasecurity/trivy-action@0.9.2...0.10.0 ### [`v0.9.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.1...0.9.2) #### What's Changed - chore(deps): bump trivy to v0.38.1 by [@​DmitriyLewen](https://togithub.com/DmitriyLewen) in [aquasecurity/trivy-action#215 - Rename security-checks to scanners by [@​sadovnikov](https://togithub.com/sadovnikov) in [aquasecurity/trivy-action#211 #### New Contributors - [@​DmitriyLewen](https://togithub.com/DmitriyLewen) made their first contribution in [aquasecurity/trivy-action#215 - [@​sadovnikov](https://togithub.com/sadovnikov) made their first contribution in [aquasecurity/trivy-action#211 **Full Changelog**: aquasecurity/trivy-action@0.9.1...0.9.2 ### [`v0.9.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.9.0...0.9.1) #### What's Changed - ⬆️ bump trivy action by [@​flaxel](https://togithub.com/flaxel) in [aquasecurity/trivy-action#203 #### New Contributors - [@​flaxel](https://togithub.com/flaxel) made their first contribution in [aquasecurity/trivy-action#203 **Full Changelog**: aquasecurity/trivy-action@0.9.0...0.9.1 ### [`v0.9.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.9.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.8.0...0.9.0) #### What's Changed - fix(sarif): Add option to limit severities for sarif ([#​192](https://togithub.com/aquasecurity/trivy-action/issues/192)) by [@​AndreyLevchenko](https://togithub.com/AndreyLevchenko) in [aquasecurity/trivy-action#198 - docs: add trivy-config to table by [@​omarsilva1](https://togithub.com/omarsilva1) in [aquasecurity/trivy-action#195 - Update README.md by [@​mcantu](https://togithub.com/mcantu) in [aquasecurity/trivy-action#186 - feat(trivy): Bump Trivy to v0.37.1 by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#199 #### New Contributors - [@​AndreyLevchenko](https://togithub.com/AndreyLevchenko) made their first contribution in [aquasecurity/trivy-action#198 - [@​omarsilva1](https://togithub.com/omarsilva1) made their first contribution in [aquasecurity/trivy-action#195 - [@​mcantu](https://togithub.com/mcantu) made their first contribution in [aquasecurity/trivy-action#186 **Full Changelog**: aquasecurity/trivy-action@0.8.0...0.9.0 ### [`v0.8.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.8.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.1...0.8.0) #### What's Changed - Add npm to action Dockerfile by [@​VaismanLior](https://togithub.com/VaismanLior) in [aquasecurity/trivy-action#176 - Add 0.34.0 release by [@​L1ghtman2k](https://togithub.com/L1ghtman2k) in [aquasecurity/trivy-action#177 #### New Contributors - [@​VaismanLior](https://togithub.com/VaismanLior) made their first contribution in [aquasecurity/trivy-action#176 - [@​L1ghtman2k](https://togithub.com/L1ghtman2k) made their first contribution in [aquasecurity/trivy-action#177 **Full Changelog**: aquasecurity/trivy-action@0.7.1...0.8.0 ### [`v0.7.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.7.0...0.7.1) #### What's Changed - Fix github dependency submission API call by [@​chejn](https://togithub.com/chejn) in [aquasecurity/trivy-action#162 #### New Contributors - [@​chejn](https://togithub.com/chejn) made their first contribution in [aquasecurity/trivy-action#162 **Full Changelog**: aquasecurity/trivy-action@0.7.0...0.7.1 ### [`v0.7.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.7.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.2...0.7.0) #### What's Changed - docs: correct format and add output on config scan with sarif by [@​dirien](https://togithub.com/dirien) in [aquasecurity/trivy-action#159 - feat(trivy): Bump Trivy to v0.31.2 by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#165 #### New Contributors - [@​dirien](https://togithub.com/dirien) made their first contribution in [aquasecurity/trivy-action#159 **Full Changelog**: aquasecurity/trivy-action@0.6.2...0.7.0 ### [`v0.6.2`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.2) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.1...0.6.2) #### What's Changed - fix(config): Drop mixing of options with yaml config. by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#148 - chore: improve message output sbom with gh by [@​krol3](https://togithub.com/krol3) in [aquasecurity/trivy-action#145 - fix(sarif): Add timeout and security-checks for sarif by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#156 **Full Changelog**: aquasecurity/trivy-action@0.6.1...0.6.2 ### [`v0.6.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.6.0...0.6.1) #### What's Changed - chore(deps): Update trivy version by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#152 **Full Changelog**: aquasecurity/trivy-action@0.6.0...0.6.1 ### [`v0.6.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.6.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.1...0.6.0) #### What's Changed 🔥 - feat(yaml): Add support for trivy.yaml by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#143 - Updated to use Trivy v0.30.2 **Full Changelog**: aquasecurity/trivy-action@0.5.1...0.6.0 ### [`v0.5.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.5.0...0.5.1) #### What's Changed - fix(tests): Update test golden files for Trivy v0.29.2 by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#136 - docs(trivy): Add instructions to scan tarballs. by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#134 **Full Changelog**: aquasecurity/trivy-action@0.5.0...0.5.1 ### [`v0.5.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.5.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.1...0.5.0) #### What's Changed ✨ - docs: added missing HTML template and removed deprecated SARIF template by [@​nleconte-csgroup](https://togithub.com/nleconte-csgroup) in [aquasecurity/trivy-action#132 - feat(SBOM): Support SBOM generation by [@​simar7](https://togithub.com/simar7) in [aquasecurity/trivy-action#129 #### New Contributors ❤️ - [@​nleconte-csgroup](https://togithub.com/nleconte-csgroup) made their first contribution in [aquasecurity/trivy-action#132 **Full Changelog**: aquasecurity/trivy-action@0.4.1...0.5.0 ### [`v0.4.1`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.1) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.4.0...0.4.1) #### What's Changed - feat: update codeql-action/upload-sarif to v2 by [@​dotdc](https://togithub.com/dotdc) in [aquasecurity/trivy-action#124 - Add missing option to README. by [@​achton](https://togithub.com/achton) in [aquasecurity/trivy-action#127 - chore: pinning 0.29.0 trivy by [@​krol3](https://togithub.com/krol3) in [aquasecurity/trivy-action#128 #### New Contributors - [@​dotdc](https://togithub.com/dotdc) made their first contribution in [aquasecurity/trivy-action#124 **Full Changelog**: aquasecurity/trivy-action@0.4.0...0.4.1 ### [`v0.4.0`](https://togithub.com/aquasecurity/trivy-action/releases/tag/0.4.0) [Compare Source](https://togithub.com/aquasecurity/trivy-action/compare/0.3.0...0.4.0) #### What's Changed ✨ - Enable security checks option for image type by [@​tanguy-platsec](https://togithub.com/tanguy-platsec) in [aquasecurity/trivy-action#112 - Update Trivy Version in Dockerfile by [@​b34rd-tek](https://togithub.com/b34rd-tek) in [aquasecurity/trivy-action#117 - Use AWS public ECR instead of rate-limiting dockerhub by [@​tanguy-platsec](https://togithub.com/tanguy-platsec) in [aquasecurity/trivy-action#118 - Add support for --ignorefile option (.trivyignore) by [@​achton](https://togithub.com/achton) in [aquasecurity/trivy-action#122 - Update tests for 0.28.1 and convert to JSON by [@​achton](https://togithub.com/achton) in [aquasecurity/trivy-action#126 #### New Contributors ❤️ - [@​tanguy-platsec](https://togithub.com/tanguy-platsec) made their first contribution in [aquasecurity/trivy-action#112 - [@​b34rd-tek](https://togithub.com/b34rd-tek) made their first contribution in [aquasecurity/trivy-action#117 - [@​achton](https://togithub.com/achton) made their first contribution in [aquasecurity/trivy-action#122 **Full Changelog**: aquasecurity/trivy-action@0.3.0...0.4.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/newrelic/helm-charts). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEzNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Curl in line 189 incorrectly provides credentials to the github dependency submission API.