From ce5eac4d6018b9b47c1dba5a7f61d0c55c02c1c8 Mon Sep 17 00:00:00 2001
From: rv0lt
Date: Wed, 9 Oct 2024 10:44:50 +0200
Subject: [PATCH] update trivy action
---
 .github/workflows/publish_and_trivyscan.yml | 4 +++-
 .github/workflows/trivy-scheduled-dev.yml | 4 +++-
 .github/workflows/trivy-scheduled-master.yml | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/publish_and_trivyscan.yml b/.github/workflows/publish_and_trivyscan.yml
index ab3f56bea..f250b7fba 100644
--- a/.github/workflows/publish_and_trivyscan.yml
+++ b/.github/workflows/publish_and_trivyscan.yml
@@ -118,7 +118,9 @@ jobs:
 push: false
 tags: ghcr.io/${{ env.IMAGE_REPOSITORY }}:sha-${{ github.sha }}
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.7.1
+ uses: aquasecurity/trivy-action@0.26.0
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: "ghcr.io/${{ env.IMAGE_REPOSITORY }}:sha-${{ github.sha }}"
 format: "sarif"
diff --git a/.github/workflows/trivy-scheduled-dev.yml b/.github/workflows/trivy-scheduled-dev.yml
index 1399be061..7bd34cf9d 100644
--- a/.github/workflows/trivy-scheduled-dev.yml
+++ b/.github/workflows/trivy-scheduled-dev.yml
@@ -23,7 +23,9 @@ jobs:
 run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV
 - name: Run Trivy on latest dev image
- uses: aquasecurity/trivy-action@0.24.0
+ uses: aquasecurity/trivy-action@0.26.0
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:dev"
 format: "sarif"
diff --git a/.github/workflows/trivy-scheduled-master.yml b/.github/workflows/trivy-scheduled-master.yml
index 4ef9fa58b..e2ef46b86 100644
--- a/.github/workflows/trivy-scheduled-master.yml
+++ b/.github/workflows/trivy-scheduled-master.yml
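Review bot: The new `uses: aquasecurity/trivy-action@0.26.0` line in publish_and_trivyscan.yml still references the action by tag, and a tag can be repointed upstream, so the code that runs in this workflow is not fixed by what was reviewed here. Pinning to the full commit SHA of the release and keeping the version as a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.26.0> # 0.26.0`, makes the reference immutable. The same applies to the `uses:` lines changed in trivy-scheduled-dev.yml and trivy-scheduled-master.yml. The removed lines show the workflows had drifted apart (0.7.1 against 0.24.0), so an automated updater for the `github-actions` ecosystem would help keep the pinned SHAs current. The job this step belongs to, and its permissions, are outside the hunk.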
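Review bot: The added `env:` block in trivy-scheduled-dev.yml overrides only `TRIVY_DB_REPOSITORY`; Trivy's Java index database is a separate download configured through `TRIVY_JAVA_DB_REPOSITORY`, so that download would still rely on its default registry alone. If the scanned image ever carries JAR artefacts, a failed fetch of that database would presumably break the scan in the way this fallback is meant to avoid, so consider adding `TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db` next to it. The same holds for the identical blocks in publish_and_trivyscan.yml and trivy-scheduled-master.yml. Whether the step fails or is allowed to continue when a database cannot be fetched is not visible in the hunk and is worth confirming, since a scheduled scan that quietly uploads an empty report hides findings.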
@@ -25,7 +25,9 @@ jobs:
 run: echo REPOSITORY_OWNER=$(echo ${{ github.repository_owner }} | tr "[:upper:]" "[:lower:]") >> $GITHUB_ENV
 - name: Run Trivy on latest release image
- uses: aquasecurity/trivy-action@0.24.0
+ uses: aquasecurity/trivy-action@0.26.0
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: "ghcr.io/${{ env.REPOSITORY_OWNER }}/dds-backend:latest"
 format: "sarif"
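Review bot: The `TRIVY_DB_REPOSITORY` override in trivy-scheduled-master.yml has no comment saying why it is there, and the commit message ("update trivy action") does not explain it either. A comment above the `env:` key such as `# Vulnerability DB sources, tried in order: ghcr.io first, public ECR mirror as fallback` would tell the next maintainer that the second entry is a deliberate fallback. The in-order behaviour is my reading of Trivy's multi-repository support and should be confirmed against the Trivy version this action release bundles. The same comment fits the two other workflows touched by this commit.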