Update Trivy Cache #76

Workflow file for this run

.github/workflows/update-trivy-cache.yaml at 1caa136

	# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
	# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
	name: Update Trivy Cache

	on:
	schedule:
	- cron: '0 1 * * *' # Run daily at midnight UTC
	workflow_dispatch: # Allow manual triggering

	jobs:
	update-trivy-db:
	runs-on: ubuntu-latest
	steps:
	- name: Setup oras
	uses: oras-project/setup-oras@v1

	- name: Get current date
	id: date
	run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT

	- name: Login to ghcr.io
	uses: docker/login-action@v3
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

	- name: Download and extract the vulnerability DB
	run: \|
	mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
	oras copy ghcr.io/aquasecurity/trivy-db:2 ghcr.io/tiryoh/aquasecurity/trivy-db:2 \|\| echo "err"
	oras pull ghcr.io/aquasecurity/trivy-db:2 \|\| oras pull ghcr.io/tiryoh/aquasecurity/trivy-db:2
	tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
	rm db.tar.gz

	- name: Download and extract the Java DB
	run: \|
	mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
	oras copy ghcr.io/aquasecurity/trivy-java-db:1 ghcr.io/tiryoh/aquasecurity/trivy-java-db:1 \|\| echo "err"
	oras pull ghcr.io/aquasecurity/trivy-java-db:1 \|\| oras pull ghcr.io/tiryoh/aquasecurity/trivy-java-db:1
	tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
	rm javadb.tar.gz

	- name: Cache DBs
	uses: actions/cache/save@v4
	with:
	path: ${{ github.workspace }}/.cache/trivy
	key: cache-trivy-${{ steps.date.outputs.date }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Trivy Cache #76

Workflow file

Update Trivy Cache #76

Jobs

Run details

Workflow file for this run