Bump Trivy

stackhpc · Oct 2, 2024 · d26d019 · d26d019
1 parent 363b690
commit d26d019
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml
@@ -133,7 +133,7 @@ jobs:
 
       - name: Install Trivy
         run: |
-          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.49.0
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.55.2
 
       - name: Install yq
         run: |
@@ -226,8 +226,6 @@ jobs:
 
       - name: Scan built container images
         run: src/kayobe-config/tools/scan-images.sh ${{ matrix.distro }} ${{ steps.write-kolla-tag.outputs.kolla-tag }}
-        env:
-          TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
 
       - name: Move image scan logs to output artifact
         run: mv image-scan-output image-build-logs/image-scan-output

diff --git a/tools/scan-images.sh b/tools/scan-images.sh
@@ -54,6 +54,7 @@ for image in $images; do
           --severity HIGH,CRITICAL \
           --output image-scan-output/${filename}.json \
           --ignore-unfixed \
+          --db-repository public.ecr.aws/aquasecurity/trivy-db:2 \
           $image); then
     # Clean up the output file for any images with no vulnerabilities
     rm -f image-scan-output/${filename}.json