From ef1a1f5b50a6908ce1c005d97ac276a4d084ff7e Mon Sep 17 00:00:00 2001
From: Cursor Agent
Date: Fri, 13 Feb 2026 16:23:22 +0000
Subject: [PATCH] fix: pin trivy action to immutable commit SHA

Co-authored-by: Manuel H.
---
 .github/workflows/container-build.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index f89556f..334f845 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -97,7 +97,7 @@ jobs:
 - name: Trivy scan (php image)
 if: github.event_name != 'pull_request'
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0
 with:
 image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_PHP }}@${{ steps.build_php.outputs.digest }}
 format: table
@@ -108,7 +108,7 @@ jobs:
 - name: Trivy scan (nginx image)
 if: github.event_name != 'pull_request'
- uses: aquasecurity/trivy-action@0.33.1
+ uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0
 with:
 image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NGINX }}@${{ steps.build_nginx.outputs.digest }}
 format: table
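Review bot: The new `uses:` line in the php step (and the identical one in the nginx step) also moves the action from 0.33.1 to 0.34.0, going by the trailing `# 0.34.0` comment, while the subject only mentions pinning. Nothing in the patch records that `c1824fd6edce30d7ab345a9989de00bbd46ef284` was checked against the upstream 0.34.0 tag. GitHub resolves a commit SHA across a repository's fork network, so a SHA that exists only in a fork would still be accepted under `aquasecurity/trivy-action@`. Before merging, confirm the commit is reachable from the tag in the upstream repository itself. I would also make the bump explicit in the subject, e.g. `fix: pin trivy action to commit SHA (0.33.1 -> 0.34.0)`, so the behaviour change in the scanner is reviewable on its own. The `with:` blocks of both steps continue outside the hunks, so the remaining scan options are not covered here.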