aboutsummaryrefslogtreecommitdiffstats
path: root/.gitea
diff options
context:
space:
mode:
Diffstat (limited to '.gitea')
-rw-r--r--.gitea/workflows/db-trivy.yaml46
1 files changed, 0 insertions, 46 deletions
diff --git a/.gitea/workflows/db-trivy.yaml b/.gitea/workflows/db-trivy.yaml
deleted file mode 100644
index 30ec177..0000000
--- a/.gitea/workflows/db-trivy.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
-# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
-name: Update Trivy Cache
-
-on:
- schedule:
- - cron: '0 0 * * *' # Run daily at midnight UTC
- workflow_dispatch: # Allow manual triggering
-
-jobs:
- update-trivy-db:
- runs-on: ubuntu-latest
- steps:
- - name: Get current date
- id: date
- run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
- - name: Install Oras
- id: oras
- run: |
- VERSION="1.2.0"
- curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
- mkdir -p oras-install/
- tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
- sudo mv oras-install/oras /usr/local/bin/
- rm -rf oras_${VERSION}_*.tar.gz oras-install/
-
- - name: Download and extract the vulnerability DB
- run: |
- mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
- oras pull public.ecr.aws/aquasecurity/trivy-db:2
- tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
- rm db.tar.gz
-
- - name: Download and extract the Java DB
- run: |
- mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
- oras pull public.ecr.aws/aquasecurity/trivy-java-db:1
- tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
- rm javadb.tar.gz
-
- - name: Cache DBs
- uses: actions/cache/save@v4
- with:
- path: ${{ github.workspace }}/.cache/trivy
- key: cache-trivy-${{ steps.date.outputs.date }}