From 9d5e1848455eacc2911641ce4cf8aa01bd95c17b Mon Sep 17 00:00:00 2001
From: Tim Middleton
Date: Fri, 1 Nov 2024 08:53:29 +0800
Subject: [PATCH] Update trivy scan (#21)

* Update trivy scan

* Update with latest CE versions
---
 .github/workflows/build-trivy.yaml | 39 +++++++++++++++++------
 .github/workflows/ci-build-snapshots.yaml | 4 +--
 .github/workflows/ci-build.yaml | 8 ++---
 3 files changed, 36 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/build-trivy.yaml b/.github/workflows/build-trivy.yaml
index 55bd88c..4365c7c 100644
--- a/.github/workflows/build-trivy.yaml
+++ b/.github/workflows/build-trivy.yaml
@@ -28,17 +28,38 @@ jobs: with: fetch-depth: 0 - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '11' - distribution: 'zulu' + - name: Setup oras + run: | + VERSION="1.2.0" + curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" + mkdir -p oras-install/ + tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ + sudo mv oras-install/oras /usr/local/bin/ + rm -rf oras_${VERSION}_*.tar.gz oras-install/ + + - name: Get current date + id: date + run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT + + - name: Download and extract the vulnerability DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db + oras pull ghcr.io/aquasecurity/trivy-db:2 + tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db + rm db.tar.gz + + - name: Download and extract the Java DB + run: | + mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db + oras pull ghcr.io/aquasecurity/trivy-java-db:1 + tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db + rm javadb.tar.gz - name: Trivy Scan shell: bash run: | DIR=`mktemp -d` - curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ${DIR} v0.38.3 - ${DIR}/trivy fs --exit-code 1 . - - + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ${DIR} v0.51.2 + echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin + export TRIVY_CACHE=$GITHUB_WORKSPACE/.cache/trivy + ${DIR}/trivy fs --cache-dir ${TRIVY_CACHE} --exit-code 1 . diff --git a/.github/workflows/ci-build-snapshots.yaml b/.github/workflows/ci-build-snapshots.yaml index 11fefab..3624bc4 100644 --- a/.github/workflows/ci-build-snapshots.yaml +++ b/.github/workflows/ci-build-snapshots.yaml @@ -24,8 +24,8 @@ jobs: fail-fast: false matrix: coherenceVersion: - - 24.03.2-SNAPSHOT - - 22.06.10-SNAPSHOT + - 24.09.1-SNAPSHOT + - 22.06.11-SNAPSHOT steps: - name: Checkout 
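Review bot: The `Setup oras` step fetches a release tarball with `curl -LO` and moves the binary into `/usr/local/bin` under sudo without verifying it, and the `Trivy Scan` step still pipes an install script fetched from the `main` branch into `sh`, so only the tool versions are pinned, not the installer or the downloaded artifact. Verify the oras tarball against the checksum file published with that release before extracting it, e.g. `curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_checksums.txt"` followed by `sha256sum --ignore-missing -c "oras_${VERSION}_checksums.txt"` (confirm the asset name on the release page), and fetch the trivy installer from a tagged ref rather than `main`. Separately, `docker login ghcr.io -u $ --password-stdin` passes a literal `$` as the username, which looks like a typo for `${{ github.actor }}`; and because both `oras pull` steps that read from ghcr.io run before this login, it is unclear the login is needed for the scan at all. With the DBs already placed under `--cache-dir`, consider adding `--skip-db-update --skip-java-db-update` to the `trivy fs` call so the scan cannot silently fall back to a network fetch that the login was presumably meant to support.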
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index d7e718b..a1ab239 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -21,10 +21,10 @@ jobs:
 fail-fast: false
 matrix:
 version:
- - 24.03.1
- - 24.03.2-SNAPSHOT
- - 22.06.10-SNAPSHOT
- - 22.06.9
+ - 24.09
+ - 24.09.1-SNAPSHOT
+ - 22.06.11-SNAPSHOT
+ - 22.06.10
 steps:
 - name: Checkout
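Review bot: The new matrix entry `- 24.09` is the only value in the list with a single dot, so the YAML loader reads it as a number rather than a string, unlike `24.03.1` and the `-SNAPSHOT` entries around it. It happens to stringify back to `24.09`, but a later value such as a `.10` release would lose its trailing zero the same way. Quote it, `- "24.09"`, and keep version values quoted as a rule so the matrix is type-stable.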