From 9ca5ec47003a343863233c5b6fff18a23742d42f Mon Sep 17 00:00:00 2001
From: Kayla Reopelle <kreopelle@newrelic.com>
Date: Tue, 19 Nov 2024 07:57:33 -0800
Subject: [PATCH] Add trivy.yaml for report mode scans

---
 .github/workflows/security.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 55d0ffac7e..ed4ee03a84 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -41,11 +41,10 @@ jobs:
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # tag v0.28.0
         with:
           scan-type: fs
+          scan-ref: .
+          trivy-config: trivy.yaml
           format: sarif
           output: trivy-results.sarif
-          ignore-unfixed: true
-          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
-          cache: false
 
       - name: Upload Trivy scan results to GitHub Security tab
         # Only upload sarif when running nightly on the dev branch.