ci: bump trivy version (open-policy-agent#2737)

Signed-off-by: Anlan Du <adu47249@gmail.com>
anlandu · May 19, 2023 · 36162ac · 36162ac
1 parent a0aa827
commit 36162ac
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -291,11 +291,11 @@ jobs:
           tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
           echo "$(pwd)" >> $GITHUB_PATH
         env:
-          TRIVY_VERSION: "0.36.1"
+          TRIVY_VERSION: "0.41.0"
 
       - name: Run trivy on git repository
         run: |
-          trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+          trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln .
 
       - name: Build docker images
         run: |
@@ -308,7 +308,5 @@ jobs:
       - name: Run trivy on images
         run: |
           for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do
-            for vuln_type in "os" "library"; do
-              trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${img}"
-            done
+              trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
           done
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,3 @@
+# false positive due to prometheus versioning
+# https://github.com/aquasecurity/trivy/issues/2992
+CVE-2019-3826