Skip to content

chore(deps): bump golang.org/x/net from 0.55.0 to 0.57.0 in /daemon #1347

chore(deps): bump golang.org/x/net from 0.55.0 to 0.57.0 in /daemon

chore(deps): bump golang.org/x/net from 0.55.0 to 0.57.0 in /daemon #1347

Workflow file for this run

name: Security scan
permissions: {}
on:
push:
branches:
- main
- dev
pull_request:
schedule:
- cron: '0 0 * * 0' # Every Sunday at 12:00 AM
jobs:
trivy-scan:
runs-on: ubuntu-latest
permissions:
contents: read # checkout (harmless to be explicit)
security-events: write # upload-sarif → code scanning API
steps:
- name: Checkout newrelic-php-agent code
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # 6.0.3
with:
path: php-agent
- name: Run Trivy in table mode
# Table output is only useful when running on a pull request or push.
if: contains(fromJSON('["push", "pull_request"]'), github.event_name)
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
with:
scan-type: fs
scan-ref: ./php-agent
trivy-config: ./php-agent/trivy.yaml
trivyignores: ./php-agent/.trivyignore
format: table
exit-code: 1
- name: Run Trivy in report mode
# Only generate sarif when running nightly on the dev branch.
if: ${{ github.event_name == 'schedule' }}
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
with:
scan-type: fs
scan-ref: ./php-agent
trivy-config: ./php-agent/trivy.yaml
trivyignores: ./php-agent/.trivyignore
format: sarif
output: trivy-results.sarif
- name: Upload Trivy scan results to GitHub Security tab
# Only upload sarif when running nightly on the dev branch.
if: ${{ github.event_name == 'schedule' }}
uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # 4.36.1
with:
checkout_path: ./php-agent
sarif_file: trivy-results.sarif