From cb866e07c1bf909e1e56af37241eac2bc54ce79c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ahmet=20Y=C4=B1ld=C4=B1z?=
Date: Mon, 15 Jul 2024 15:21:15 +0300
Subject: [PATCH] Remove trivy binary and changed it with trivy github action

---
 .github/workflows/test.yaml | 37 +++++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 80904f3813..60f235bf76 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -155,14 +155,6 @@ jobs:
 - name: Get repo
 run: |
 echo "REPO=$(echo $GITHUB_REPOSITORY | awk '{print tolower($0)}')" >> $GITHUB_ENV
- - name: Download trivy
- run: |
- pushd $(mktemp -d)
- wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
- tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
- echo "$(pwd)" >> $GITHUB_PATH
- env:
- TRIVY_VERSION: "0.50.0"
 - name: Build eraser-manager
 run: |
@@ -176,14 +168,35 @@ jobs:
 - name: Build trivy scanner
 run: |
 make docker-build-trivy-scanner TRIVY_SCANNER_REPO=${{ env.REGISTRY }}/${REPO}-trivy-scanner TRIVY_SCANNER_TAG=test
+
 - name: Run trivy for remover
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/remover:test
+ uses: aquasecurity/trivy-action@0.19.0
+ with:
+ image-ref: ${{ env.REGISTRY }}/remover:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for eraser-manager
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/${REPO}-manager:test
+ uses: aquasecurity/trivy-action@0.19.0
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-manager:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for collector
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/collector:test
+ uses: aquasecurity/trivy-action@0.19.0
+ with:
+ image-ref: ${{ env.REGISTRY }}/collector:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
 - name: Run trivy for trivy-scanner
- run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/${REPO}-trivy-scanner:test
+ uses: aquasecurity/trivy-action@0.19.0
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.REPO }}-trivy-scanner:test
+ exit-code: "1"
+ ignore-unfixed: true
+ vuln-type: "os,library"
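Review bot: All four added steps reference the scanner as `uses: aquasecurity/trivy-action@0.19.0`, and a tag is a mutable ref: if it is ever moved upstream, different code runs in this job without any change to this file. Pin each step to the full commit SHA the tag resolves to and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.19.0`, with Dependabot or Renovate handling the bumps. The removed download step fixed the scanner itself at `TRIVY_VERSION: "0.50.0"`; after this change the Trivy version is whatever the action release bundles, so a one-line comment above the first scan step recording that would help when findings shift after an action upgrade.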