From cd82654c4b9546aaada1344d89949031b922b4d7 Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Wed, 3 May 2023 20:59:35 +0000
Subject: [PATCH 1/3] ci: bump trivy version

Signed-off-by: Sertac Ozercan
---
 .github/workflows/workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index aa4e4c15035..d26b43b7b9a 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -291,7 +291,7 @@ jobs:
 tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
 echo "$(pwd)" >> $GITHUB_PATH
 env:
- TRIVY_VERSION: "0.36.1"
+ TRIVY_VERSION: "0.41.0"
 - name: Run trivy on git repository
 run: |

From 8552e6886d89c6f7c6d687415380ab6f3c35fce9 Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Thu, 4 May 2023 00:08:55 +0000
Subject: [PATCH 2/3] update deprecated security-checks flag

Signed-off-by: Sertac Ozercan
---
 .github/workflows/workflow.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index baca3879f25..25796993354 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -295,7 +295,7 @@ jobs:
 - name: Run trivy on git repository
 run: |
- trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+ trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln .
 - name: Build docker images
 run: |
@@ -308,7 +308,5 @@ jobs:
 - name: Run trivy on images
 run: |
 for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do
- for vuln_type in "os" "library"; do
- trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${img}"
- done
+ trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
 done

From 05de689c476b97655ea8ef7397ed40b9cc9c780f Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Thu, 4 May 2023 00:19:25 +0000
Subject: [PATCH 3/3] add trivyignore file 
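Review bot: Neither the `trivy fs …` command in the `@@ -295,7 +295,7 @@` hunk nor the `trivy image …` line in the `@@ -308,7 +308,5 @@` hunk passes `--exit-code`, and trivy exits 0 by default whatever it finds, so unless these steps are meant to be purely informational the job cannot fail on a vulnerability. If gating is intended, add `--exit-code 1` (commonly paired with `--severity HIGH,CRITICAL`) to both commands; the `.trivyignore` added in the third patch only changes the job outcome once the exit code is enforced. The fs scan is narrowed to `--scanners vuln` while the image scan runs trivy's default scanner set (which I believe includes secret scanning in this release), so the two steps cover different check classes — an explicit `--scanners` on the image line, or a comment, would make that difference deliberate. Both `run: |` steps continue outside the hunks.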
Signed-off-by: Sertac Ozercan
---
 .trivyignore | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .trivyignore

diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000000..b583a1d2c18
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,3 @@
+# false positive due to prometheus versioning
+# https://github.com/aquasecurity/trivy/issues/2992
+CVE-2019-3826
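Review bot: A bare id in `.trivyignore` suppresses CVE-2019-3826 for every package in every target scanned from the repository root — the `trivy fs` run and, if the image step runs from the same directory, both image scans — not only the prometheus match the comment describes, so a genuine hit on that id in another dependency would be hidden silently. The comment should record the scope and the removal condition so the entry does not outlive the false positive, e.g. `# CVE-2019-3826: false positive from prometheus version detection (aquasecurity/trivy#2992). Applies repo-wide; remove once the upstream issue is resolved or the dependency is bumped.` If the trivy release in use supports scoped or expiring ignore entries, prefer those over a global id; otherwise a periodic check of the linked issue is the fallback.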