From a52d0ca5a682f65b43f81115a2ff01eb8050815d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 17 Oct 2024 18:12:31 +0000
Subject: [PATCH] Bump aquasecurity/trivy-action from 0.24.0 to 0.28.0 (#94787)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.28.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](https://github.com/aquasecurity/trivy-action/compare/0.24.0...0.28.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/trivy-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index f3a2c32f53e..1cd7bec885a 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -16,7 +16,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
     - name: Run Trivy vulnerability scanner (table output)
-      uses: aquasecurity/trivy-action@0.24.0
+      uses: aquasecurity/trivy-action@0.28.0
       with:
         # scan the filesystem, rather than building a Docker image prior - the
         # downside is we won't catch dependencies that are only installed in the
@@ -33,7 +33,7 @@ jobs:
         # for the PR check, ignore JS-related issues
         skip-files: 'yarn.lock,package.json'
     - name: Run Trivy vulnerability scanner (SARIF)
-      uses: aquasecurity/trivy-action@0.24.0
+      uses: aquasecurity/trivy-action@0.28.0
       with:
         scan-type: 'fs'
         scanners: 'vuln'