chore(deps): Update trivy to v0.63.0 (#467)

* chore(deps): Update trivy to v0.63.0

* update test data

---------

Co-authored-by: simar7 <[email protected]>
Co-authored-by: Simar <[email protected]>

Author: aqua-bot

.github/workflows/test.yaml

@@ -6,7 +6,7 @@ on:
   workflow_dispatch:
 
 env:
-  TRIVY_VERSION: 0.61.1
+  TRIVY_VERSION: 0.63.0
   BATS_LIB_PATH: '/usr/lib/'
 
 jobs:

README.md

@@ -215,7 +215,7 @@ jobs:
       uses: aquasecurity/[email protected]
       with:
         cache: true
-        version: v0.61.1
+        version: v0.63.0
 
     - name: Run Trivy vulnerability scanner in repo mode
       uses: aquasecurity/trivy-action@master
@@ -847,7 +847,7 @@ Following inputs can be used as `step.with` keys:
 | `github-pat`                 | String  |                                    | Authentication token to enable sending SBOM scan results to GitHub Dependency Graph. Can be either a GitHub Personal Access Token (PAT) or GITHUB_TOKEN          |
 | `limit-severities-for-sarif` | Boolean | false                              | By default *SARIF* format enforces output of all vulnerabilities regardless of configured severities. To override this behavior set this parameter to **true**   |
 | `docker-host`                | String  |                                    | By default it is set to `unix://var/run/docker.sock`, but can be updated to help with containerized infrastructure values (`unix:/` or other prefix is required) |
-| `version`                    | String  | `v0.61.1`                          | Trivy version to use, e.g. `latest` or `v0.61.1`                                                                                                                 |
+| `version`                    | String  | `v0.63.0`                          | Trivy version to use, e.g. `latest` or `v0.63.0`                                                                                                                 |
 | `skip-setup-trivy`           | Boolean | false                              | Skip calling the `setup-trivy` action to install `trivy`                                                                                                         |
 | `token-setup-trivy`          | Boolean |                                    | Overwrite `github.token` used by `setup-trivy` to checkout the `trivy` repository                                                                                |
 

action.yaml

@@ -98,7 +98,7 @@ inputs:
   version:
     description: 'Trivy version to use'
     required: false
-    default: 'v0.61.1'
+    default: 'v0.63.0'
   cache:
     description: 'Used to specify whether caching is needed. Set to false, if you would like to disable caching.'
     required: false

test/data/with-trivy-yaml-cfg/report.json

@@ -1,8 +1,10 @@
 {
   "SchemaVersion": 2,
+  "CreatedAt": "2025-06-03T01:26:45.367171-06:00",
   "ArtifactName": "alpine:3.10",
   "ArtifactType": "container_image",
   "Metadata": {
+    "Size": 5842432,
     "OS": {
       "Family": "alpine",
       "Name": "3.10.9",
@@ -50,7 +52,14 @@
         ],
         "Image": "sha256:eb2080c455e94c22ae35b3aef9e078c492a00795412e026e4d6b41ef64bc7dd8"
       }
-    }
+    },
+    "Layers": [
+      {
+        "Size": 5842432,
+        "Digest": "sha256:396c31837116ac290458afcb928f68b6cc1c7bdd6963fc72f52f365a2a89c1b5",
+        "DiffID": "sha256:9fb3aa2f8b8023a4bebbf92aa567caf88e38e969ada9f0ac12643b2847391635"
+      }
+    ]
   },
   "Results": [
     {
@@ -63,8 +72,8 @@
           "PkgID": "[email protected]",
           "PkgName": "apk-tools",
           "PkgIdentifier": {
-            "PURL": "pkg:apk/alpine/[email protected]?arch=x86_64&distro=3.10.9",
-            "UID": "99f6581ffed6b22"
+            "PURL": "pkg:apk/alpine/[email protected]?arch=x86_64\u0026distro=3.10.9",
+            "UID": "b7a64ae671a99195"
           },
           "InstalledVersion": "2.10.6-r0",
           "FixedVersion": "2.10.7-r0",