From ad3b971786d3264629f6812bc661b5a7275c7c9b Mon Sep 17 00:00:00 2001
From: vrajpurohit
Date: Mon, 23 Mar 2026 15:38:58 +0530
Subject: [PATCH 1/3] update the trivy version to v0.69.3 and trivy-action to v0.35.0
Signed-off-by: vrajpurohit
---
 .github/workflows/trivy_fs.yaml | 3 ++-
 tools/chef/cookbooks/px_dev_extras/attributes/linux.rb | 4 ++--
 tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb | 4 ++--
 3 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/trivy_fs.yaml b/.github/workflows/trivy_fs.yaml
index 6e43472a835..f3149af8a13 100644
--- a/.github/workflows/trivy_fs.yaml
+++ b/.github/workflows/trivy_fs.yaml
@@ -23,12 +23,13 @@ jobs:
 security-events: write
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # v0.29.0
+ - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
 format: 'sarif'
 output: 'trivy-results.sarif'
+ trivy-version: '0.69.3'
 - run: |
 jq '.runs[].tool.driver.name = "trivy-fs"' < trivy-results.sarif > tmp
 mv tmp trivy-results.sarif
diff --git a/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb b/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
index abb58c3669b..3504a3c47a1 100644
--- a/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
+++ b/tools/chef/cookbooks/px_dev_extras/attributes/linux.rb
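Review bot: The added `trivy-version: '0.69.3'` line in `.github/workflows/trivy_fs.yaml` (PATCH 1/3) does not look like an input that trivy-action declares; to my knowledge the action takes the scanner release through `version`, and GitHub Actions only warns about an undeclared `with:` key and otherwise ignores it, so this line would not pin anything. PATCH 2/3 deletes the line instead of renaming it, which leaves the workflow running whatever Trivy release the pinned action commit defaults to, while the Chef attributes in this series pin 0.69.3 by download URL and sha256. If CI and the dev image are meant to scan with the same release, keep the pin as `version: 'v0.69.3'` under `with:`, after checking the input name and value format against the action's README at the pinned commit. The step's `with:` block is fully visible in the hunk, but the job it belongs to starts outside it.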
@@ -83,9 +83,9 @@
 '79b0f844237bd4b0446e4dc884dbc1765fc7dedc3968f743d5949c6f2e701739'
 default['trivy']['download_path'] =
- 'https://github.com/aquasecurity/trivy/releases/download/v0.64.1/trivy_0.64.1_Linux-64bit.tar.gz'
+ 'https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_Linux-64bit.tar.gz'
 default['trivy']['sha256'] =
- '1a09d86667b3885a8783d1877c9abc8061b2b4e9b403941b22cbd82f10d275a8'
+ '1816b632dfe529869c740c0913e36bd1629cb7688bd5634f4a858c1d57c88b75'
 default['yq']['download_path'] =
 'https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_linux_amd64'
diff --git a/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb b/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
index 84cc19c046a..62019de0263 100644
--- a/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
+++ b/tools/chef/cookbooks/px_dev_extras/attributes/mac_os_x.rb
@@ -84,9 +84,9 @@
 'dece9b0131af5ced0f8c278a53c0cf06a4f0d1d70a177c0979f6d111654397ce'
 default['trivy']['download_path'] =
- 'https://github.com/aquasecurity/trivy/releases/download/v0.64.1/trivy_0.64.1_macOS-64bit.tar.gz'
+ 'https://github.com/aquasecurity/trivy/releases/download/v0.69.3/trivy_0.69.3_macOS-64bit.tar.gz'
 default['trivy']['sha256'] =
- '107a874b41c1f0a48849f859b756f500d8be06f2d2b8956a046a97ae38088bf6'
+ 'fec4a9f7569b624dd9d044fca019e5da69e032700edbb1d7318972c448ec2f4e'
 default['yq']['download_path'] =
 'https://github.com/mikefarah/yq/releases/download/v4.30.8/yq_darwin_amd64'
From 60e4975550ce901f08b35d41d2b19047f32133b2 Mon Sep 17 00:00:00 2001
From: vrajpurohit
Date: Mon, 23 Mar 2026 18:12:56 +0530
Subject: [PATCH 2/3] update trivy-action version
Signed-off-by: vrajpurohit
---
 .github/workflows/trivy_fs.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/trivy_fs.yaml b/.github/workflows/trivy_fs.yaml
index f3149af8a13..63552ada056 100644
--- a/.github/workflows/trivy_fs.yaml
+++ b/.github/workflows/trivy_fs.yaml
@@ -23,13 +23,12 @@ jobs:
 security-events: write
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+ - uses: aquasecurity/trivy-action@0.35.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
 format: 'sarif'
 output: 'trivy-results.sarif'
- trivy-version: '0.69.3'
 - run: |
 jq '.runs[].tool.driver.name = "trivy-fs"' < trivy-results.sarif > tmp
 mv tmp trivy-results.sarif
From 30a5293976ffe4d764573c3aadaf3ccd4062ceb7 Mon Sep 17 00:00:00 2001
From: vrajpurohit
Date: Tue, 24 Mar 2026 10:24:07 +0530
Subject: [PATCH 3/3] update trivy-action sha instead of version number
Signed-off-by: vrajpurohit
---
 .github/workflows/trivy_fs.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/trivy_fs.yaml b/.github/workflows/trivy_fs.yaml
index 63552ada056..4c9fbefd53d 100644
--- a/.github/workflows/trivy_fs.yaml
+++ b/.github/workflows/trivy_fs.yaml
@@ -23,7 +23,7 @@ jobs:
 security-events: write
 steps:
 - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: aquasecurity/trivy-action@0.35.0
+ - uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true