deps(actions)(deps): bump aquasecurity/trivy-action from 0.35.0 to 0.36.0 in the third-party-actions-minor-patch group across 1 directory #230

	name: MetaMask Security Code Scanner

	on:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	workflow_call:
	secrets:
	SECURITY_SCAN_METRICS_TOKEN:
	required: false
	APPSEC_BOT_SLACK_WEBHOOK:
	required: false
	workflow_dispatch:

	permissions: {} # lock everything by default (least-privilege)

	jobs:
	security-scan:
	uses: MetaMask/action-security-code-scanner/.github/workflows/security-scan.yml@v2
	permissions:
	actions: read
	contents: read
	security-events: write
	with:
	repo: ${{ github.repository }}
	scanner-ref: 'v2'
	paths-ignored: \|
	/build/
	/target/
	*/.class
	/gradle/
	/test/
	/tests/
	*/Test.java
	*/Tests.java
	*/Test.kt
	*/Tests.kt
	languages-config: \|
	[
	{
	"language": "java-kotlin",
	"build_mode": "manual",
	"build_command": "./gradlew build",
	"version": "21",
	"distribution": "temurin"
	}
	]
	secrets:
	project-metrics-token: ${{ secrets.SECURITY_SCAN_METRICS_TOKEN }}
	slack-webhook: ${{ secrets.APPSEC_BOT_SLACK_WEBHOOK }}

Provide feedback