From 17d797f440737c0e6babf7062d91855bfddb984b Mon Sep 17 00:00:00 2001
From: Volodymyr Kolesnykov
Date: Mon, 7 Oct 2024 12:14:55 +0300
Subject: [PATCH 1/2] ci: update trivy to 0.56.1
---
 .github/actions/build-docker-image/action.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
index cdefa9b0..229dd47e 100644
--- a/.github/actions/build-docker-image/action.yml
+++ b/.github/actions/build-docker-image/action.yml
@@ -158,7 +158,7 @@ runs:
 -v $(pwd)/.cache:/root/.cache \
 -v $(pwd):/workdir \
 -w /workdir \
- aquasec/trivy:0.55.2 image --format json --ignore-unfixed --pkg-types os --scanners vuln ${{ inputs.primaryTag }} --output trivy.json
+ aquasec/trivy:0.56.1 image --format json --ignore-unfixed --pkg-types os --scanners vuln ${{ inputs.primaryTag }} --output trivy.json
 sudo chmod a+r -R .cache
 
 - name: Calculate database hash
@@ -179,12 +179,12 @@ runs:
 if: steps.old_hash.outputs.hash != steps.new_hash.outputs.hash && steps.new_hash.outputs.hash != ''
 
 - name: Print report
- uses: docker://aquasec/trivy:0.55.2
+ uses: docker://aquasec/trivy:0.56.1
 with:
 args: convert --format=table trivy.json
 
 - name: Generate SARIF
- uses: docker://aquasec/trivy:0.55.2
+ uses: docker://aquasec/trivy:0.56.1
 with:
 args: convert --format=sarif --output=${{ steps.filename.outputs.filename }} trivy.json
 if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
@@ -197,7 +197,7 @@ runs:
 continue-on-error: true
 
 - name: Prepare markdown report
- uses: docker://aquasec/trivy:0.55.2
+ uses: docker://aquasec/trivy:0.56.1
 with:
 args: convert --format=template --template=@.github/actions/build-docker-image/markdown.tpl --output=trivy.md trivy.json
 if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
From d0c2b03712dd68cf1d77724b7e9a079cec7c6588 Mon Sep 17 00:00:00 2001
From: Volodymyr Kolesnykov
Date: Mon, 7 Oct 2024 12:24:26 +0300
Subject: [PATCH 2/2] fix: use AWS mirror for the database
---
 .github/actions/build-docker-image/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/actions/build-docker-image/action.yml b/.github/actions/build-docker-image/action.yml
index 229dd47e..b1f62bf5 100644
--- a/.github/actions/build-docker-image/action.yml
+++ b/.github/actions/build-docker-image/action.yml
@@ -158,7 +158,7 @@ runs:
 -v $(pwd)/.cache:/root/.cache \
 -v $(pwd):/workdir \
 -w /workdir \
- aquasec/trivy:0.56.1 image --format json --ignore-unfixed --pkg-types os --scanners vuln ${{ inputs.primaryTag }} --output trivy.json
+ aquasec/trivy:0.56.1 image --format json --ignore-unfixed --pkg-types os --scanners vuln ${{ inputs.primaryTag }} --db-repository public.ecr.aws/aquasecurity/trivy-db:2 --output trivy.json
 sudo chmod a+r -R .cache
 
 - name: Calculate database hash
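Review bot: The added `--db-repository public.ecr.aws/aquasecurity/trivy-db:2` on the new `aquasec/trivy:0.56.1 image ...` line switches the vulnerability database source away from Trivy's default `ghcr.io/aquasecurity/trivy-db:2` without any comment in the workflow, so whoever next bumps the Trivy version has no way to tell whether the override is still needed or safe to drop. A one-line comment above the `docker run` inside this `run:` block, e.g. `# vulnerability DB is pulled from Aqua's ECR mirror rather than the default ghcr.io repository`, would record the intent; the motivation (presumably registry availability or pull limits) is not stated in the commit message either and belongs in the comment. Since the scan now depends on a single registry, it is worth checking whether 0.56.1's `--db-repository` accepts more than one repository (recent releases appear to take a list and fall back in order); if it does, naming the ghcr.io repository after the mirror keeps the scan working when the mirror is unreachable — confirm against the 0.56.1 documentation before relying on it. The enclosing step begins before the hunk, so the exact placement of the comment is outside what is shown here.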