Diffstat (limited to '.gitea')
-rw-r--r-- | .gitea/workflows/db-trivy.yaml | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/.gitea/workflows/db-trivy.yaml b/.gitea/workflows/db-trivy.yaml
deleted file mode 100644
index 30ec177..0000000
--- a/.gitea/workflows/db-trivy.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
-# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
-name: Update Trivy Cache
-
-on:
- schedule:
- - cron: '0 0 * * *' # Run daily at midnight UTC
- workflow_dispatch: # Allow manual triggering
-
-jobs:
- update-trivy-db:
- runs-on: ubuntu-latest
- steps:
- - name: Get current date
- id: date
- run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
- - name: Install Oras
- id: oras
- run: |
- VERSION="1.2.0"
- curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
- mkdir -p oras-install/
- tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
- sudo mv oras-install/oras /usr/local/bin/
- rm -rf oras_${VERSION}_*.tar.gz oras-install/
-
- - name: Download and extract the vulnerability DB
- run: |
- mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
- oras pull public.ecr.aws/aquasecurity/trivy-db:2
- tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
- rm db.tar.gz
-
- - name: Download and extract the Java DB
- run: |
- mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
- oras pull public.ecr.aws/aquasecurity/trivy-java-db:1
- tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
- rm javadb.tar.gz
-
- - name: Cache DBs
- uses: actions/cache/save@v4
- with:
- path: ${{ github.workspace }}/.cache/trivy
- key: cache-trivy-${{ steps.date.outputs.date }} |