From e3bd79e5c4d81a014a09ab5d27598a14673b5fae Mon Sep 17 00:00:00 2001
From: Ashley Felton <ashley@ropable.com>
Date: Mon, 25 Nov 2024 12:28:38 +0800
Subject: [PATCH] Update GitHub workflow.

---
 .github/workflows/image-build-scan.yml | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/image-build-scan.yml b/.github/workflows/image-build-scan.yml
index 3506842..c2a399b 100644
--- a/.github/workflows/image-build-scan.yml
+++ b/.github/workflows/image-build-scan.yml
@@ -5,7 +5,8 @@ on:
     # Publish `master` as `latest` image.
     branches: [master]
     # Publish tagged commits as releases.
-    tags: ['1.*', '2.*', '3.*']
+    tags:
+      - "*"
   pull_request:
     branches: [master]
 
@@ -78,16 +79,19 @@ jobs:
       # Run vulnerability scan on built image
       #----------------------------------------------
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
         with:
-          scan-type: image
+          scan-type: "image"
+          scanners: "vuln"
           image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
-          vuln-type: 'os,library'
-          severity: 'HIGH,CRITICAL'
-          format: template
-          template: '@/contrib/sarif.tpl'
-          output: trivy-results.sarif
+          vuln-type: "os,library"
+          severity: "HIGH,CRITICAL"
+          format: "sarif"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-results.sarif"
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: trivy-results.sarif
+          sarif_file: "trivy-results.sarif"