Aqua Security Trivy
The https://github.com/aquasecurity/trivy-action action has been updated to version v0.35.0.
- This publisher is shown as ‘verified’ by GitHub.
- This action is used across all versions by 39,830 repositories.
Action Type
This is a Composite action.
Go to the GitHub Marketplace to find the latest changes.
Action Summary
The Trivy GitHub Action integrates the Trivy vulnerability scanner into CI/CD pipelines to automate security scans for container images, file systems, repositories, and Infrastructure-as-Code. It identifies vulnerabilities, secrets, and misconfigurations, ensuring application security during development. Key features include customizable scan configurations, caching for faster execution, and support for SBOM generation and GitHub Code Scanning workflows.
Release notes
This release is a duplicate of 0.35.0, which was not compromised.
As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.
We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.
If you are currently using 0.35.0, your workflows are safe — no action is required.