GA(deps): Bump aquasecurity/trivy-action from 0.21.0 to 0.24.0 #556

	name: Code Scanning

	on:
	push:
	branches: ["main"]
	pull_request:
	# The branches below must be a subset of the branches above
	branches: ["main"]
	schedule:
	# Runs at 13:16 UTC on Fri.
	- cron: "16 13 * * 5"

	permissions:
	contents: read

	jobs:
	hadolint:
	name: Hadolint
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write

	steps:
	- name: Checkout code
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

	- name: Run Hadolint
	uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf
	with:
	dockerfile: ./Dockerfile
	format: sarif
	output-file: hadolint-results.sarif
	no-fail: true

	- name: Upload Hadolint scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
	with:
	sarif_file: hadolint-results.sarif
	wait-for-processing: true

	trivy:
	name: Trivy
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write

	steps:
	- name: Checkout code
	uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29

	- name: Build an image from Dockerfile
	run: \|
	docker build -t ${{ github.sha }} .

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8
	with:
	image-ref: "${{ github.sha }}"
	format: "template"
	template: "@/contrib/sarif.tpl"
	output: "trivy-results.sarif"
	severity: "CRITICAL,HIGH"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
	with:
	sarif_file: "trivy-results.sarif"
	wait-for-processing: true

Provide feedback