chore(deps): update actions/cache digest to 0057852 (#519) #629

	name: Analysis

	on:
	push:
	branches: [main]
	merge_group:
	pull_request:
	types: [opened, reopened, synchronize, ready_for_review]
	schedule:
	- cron: "0 12 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
	workflow_dispatch:

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	jobs:
	# https://github.com/marketplace/actions/aqua-security-trivy
	trivy:
	name: Trivy Security Scan
	if: github.event_name != 'pull_request' \|\| !github.event.pull_request.draft
	runs-on: ubuntu-24.04
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

	- name: Run Trivy vulnerability scanner in repo mode
	uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
	with:
	format: "sarif"
	output: "trivy-results.sarif"
	ignore-unfixed: true
	scan-type: "fs"
	scanners: "vuln,secret,config"
	severity: "CRITICAL,HIGH"

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3
	with:
	sarif_file: "trivy-results.sarif"

Provide feedback