From 9041cbe2e7fc73b2c1c452f62c924af4800d73e1 Mon Sep 17 00:00:00 2001
From: Pete Wall <pete.wall@grafana.com>
Date: Wed, 30 Oct 2024 09:24:18 -0500
Subject: [PATCH] More image scanning fixes

Signed-off-by: Pete Wall <pete.wall@grafana.com>
---
 .github/workflows/security-scans.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/security-scans.yml b/.github/workflows/security-scans.yml
index 871d299e5..d017c0253 100644
--- a/.github/workflows/security-scans.yml
+++ b/.github/workflows/security-scans.yml
@@ -28,11 +28,12 @@ jobs:
         id: list_images
         run: |
           file=charts/k8s-monitoring/docs/examples/features/all-features/output.yaml
-          yq -r -o json '. | select(.kind=="DaemonSet") | .spec.template.spec.containers[].image' "${file}" > images.txt
-          yq -r -o json '. | select(.kind=="Deployment") | .spec.template.spec.containers[].image' "${file}" > images.txt
-          yq -r -o json '. | select(.kind=="Job") | .spec.template.spec.containers[].image' "${file}" > images.txt
-          yq -r -o json '. | select(.kind=="Pod") | .spec.containers[].image' "${file}" > images.txt
-          yq -r -o json '. | select(.kind=="StatefulSet") | .spec.template.spec.containers[].image' "${file}" > images.txt
+          touch images.txt
+          yq -r -o json '. | select(.kind=="DaemonSet") | .spec.template.spec.containers[].image' "${file}" >> images.txt
+          yq -r -o json '. | select(.kind=="Deployment") | .spec.template.spec.containers[].image' "${file}" >> images.txt
+          yq -r -o json '. | select(.kind=="Job") | .spec.template.spec.containers[].image' "${file}" >> images.txt
+          yq -r -o json '. | select(.kind=="Pod") | .spec.containers[].image' "${file}" >> images.txt
+          yq -r -o json '. | select(.kind=="StatefulSet") | .spec.template.spec.containers[].image' "${file}" >> images.txt
           echo "images=$(sort --unique < images.txt | jq --raw-input --slurp --compact-output 'split("\n") | map(select(. != ""))')" >> "${GITHUB_OUTPUT}"
 
   scan-container-images:
@@ -45,7 +46,7 @@ jobs:
       fail-fast: false
     steps:
       - name: Run Trivy
-        uses: aquasecurity/trivy-action@v0.28
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           image-ref: ${{ matrix.image }}
           format: sarif