oracle · tmiddlet2666 · Oct 31, 2024 · Oct 31, 2024 · Oct 31, 2024 · Oct 31, 2024
diff --git a/.github/workflows/build-trivy.yaml b/.github/workflows/build-trivy.yaml
@@ -27,38 +27,36 @@ jobs:
       with:
         fetch-depth: 0
 
-    - name: Get Docker Images
-      shell: bash
+    - name: Setup oras
       run: |
-        docker pull gcr.io/distroless/java17
-
-    - name: Set up JDK
-      uses: actions/setup-java@v4
-      with:
-        java-version: '17'
-        distribution: 'zulu'
-
-    - name: Cache Go Modules
-      uses: actions/cache@v4
-      with:
-        path: ~/go/pkg/mod
-        key: ${{ runner.os }}-go-mods-${{ hashFiles('**/go.sum') }}
-        restore-keys: |
-          ${{ runner.os }}-go-mods-
-
-    - name: Cache Maven packages
-      uses: actions/cache@v4
-      with:
-        path: ~/.m2
-        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-        restore-keys: ${{ runner.os }}-m2
+        VERSION="1.2.0"
+        curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
+        mkdir -p oras-install/
+        tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
+        sudo mv oras-install/oras /usr/local/bin/
+        rm -rf oras_${VERSION}_*.tar.gz oras-install/
+
+    - name: Get current date
+      id: date
+      run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+
+    - name: Download and extract the vulnerability DB
+      run: |
+        mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
+        oras pull ghcr.io/aquasecurity/trivy-db:2
+        tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
+        rm db.tar.gz
 
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.21'
+    - name: Download and extract the Java DB
+      run: |
+        mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
+        oras pull ghcr.io/aquasecurity/trivy-java-db:1
+        tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
+        rm javadb.tar.gz
 
     - name: Trivy Scan
       shell: bash
       run: |
-        make clean trivy-scan
+        echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
+        export TRIVY_CACHE=$GITHUB_WORKSPACE/.cache/trivy
+        make trivy-scan
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -65,11 +65,6 @@ jobs:
       run: |
         make copyright
 
-    - name: Trivy Scan
-      shell: bash
-      run: |
-        make trivy-scan
-
     - name: Unit Tests
       shell: bash
       run: make test-cohctl

diff --git a/Makefile b/Makefile
@@ -397,7 +397,7 @@ golangci: $(TOOLS_BIN)/golangci-lint ## Go code review
 
 .PHONY: trivy-scan
 trivy-scan: gettrivy ## Scan the CLI using trivy
-	$(TOOLS_BIN)/trivy fs --exit-code 1 .
+	$(TOOLS_BIN)/trivy fs --cache-dir ${TRIVY_CACHE} --exit-code 1 .
 
 # ======================================================================================================================
 # Test targets