I created a new sandboxed Trivy action, which is currently in review to be added to the approved ASF actions: https://github.com/apache/infrastructure-actions/pull/582 In Pulsar, I've been thinking of replacing Trivy with Google's OSV Scanner (https://github.com/google/osv-scanner); however, it's not a direct replacement in how it's used in GitHub Actions workflows.
-Lari On Sun, 29 Mar 2026 at 23:52, Henrik Ingo <[email protected]> wrote: > > FYI, GitHub actions not working, I filed: > > https://issues.apache.org/jira/browse/INFRA-27784 > Otava github actions broken after Trivy fix > > -- > *nyrkio.com <http://nyrkio.com/>* ~ *Continuous Benchmarking as a Service* > > Henrik Ingo, CEO > [email protected] LinkedIn: > www.linkedin.com/in/heingo > +358 40 569 7354 Twitter: twitter.com/h_ingo
