.gitea/workflows/ci.yml

@@ -70,9 +70,16 @@ jobs:
       #     command: snyk
       #     args: test --all-projects
 
-      - name: Trivy Vulnerability Scan
-        uses: aquasecurity/trivy-action@0.30.0
+      - name: Manual Trivy Setup
+        uses: aquasecurity/setup-trivy@v0.2.0
         with:
+          cache: true
+          version: v0.61.1
+
+      - name: Trivy Vulnerability Scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          skip-setup-trivy: true
           scan-type: "fs"
           scan-ref: "${{ gitea.workspace }}"
           exit-code: "1"
@@ -80,3 +87,15 @@ jobs:
           format: "table"
           severity: "CRITICAL,HIGH,MEDIUM"
           scanners: "vuln,secret,misconfig,license"
+      
+      # - name: Trivy Vulnerability Scan (Docker)
+      #   uses: aquasecurity/trivy-action@master
+      #   with:
+      #     skip-setup-trivy: true
+      #     image-ref: "docker.io/my-organization/my-app:${{ github.sha }}"
+      #     format: "table"
+      #     exit-code: "1"
+      #     ignore-unfixed: true
+      #     vuln-type: 'os,library'
+      #     severity: "CRITICAL,HIGH,MEDIUM"
+