Trivy

Bump ISPC version to v1.26.0 #551

	# Copyright 2024-2025, Intel Corporation
	# SPDX-License-Identifier: BSD-3-Clause

	# Runs linter for Docker files
	name: Trivy

	permissions: read-all

	on:
	workflow_dispatch:
	push:
	pull_request:
	paths:
	- '**/Dockerfile'
	- '.github/workflows/trivy.yml'
	- '.trivyignore'

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	linux:
	name: Trivy
	runs-on: ubuntu-latest
	permissions:
	security-events: write

	steps:
	- name: Clone the git repo
	uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1

	- name: Run Trivy
	uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
	with:
	scan-type: 'config'
	hide-progress: false
	format: 'sarif'
	output: 'trivy-results.sarif'
	trivyignores: '.trivyignore'
	# Skip released versions before v1.25.0
	skip-dirs: 'docker/v1.24.0,docker/v1.23.0,docker/v1.22.0,docker/v1.21.0,docker/v1.20.0,docker/v1.19.0,docker/v1.18.0,docker/v1.17.0,docker/v1.16.0,docker/v1.15.0,docker/v1.14.1,docker/v1.14.0,docker/v1.13.0,docker/v1.12.0,docker/v1.11.0,docker/v1.10.0,docker/v1.9.2,docker/v1.9.1'

	- name: Print report
	run: \|
	echo "### Trivy report:"
	cat trivy-results.sarif

	- name: Upload Trivy results to Github Security tab
	uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
	with:
	sarif_file: 'trivy-results.sarif'

	- name: Upload Trivy results
	uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
	with:
	name: trivy-results.sarif
	path: trivy-results.sarif

Provide feedback