open-policy-agent · sozercan · May 4, 2023 · May 3, 2023 · May 3, 2023 · May 4, 2023
@@ -291,11 +291,11 @@ jobs:
           tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
           echo "$(pwd)" >> $GITHUB_PATH
         env:
-          TRIVY_VERSION: "0.36.1"
+          TRIVY_VERSION: "0.41.0"
 
       - name: Run trivy on git repository
         run: |
-          trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
+          trivy fs --format table --ignore-unfixed --skip-dirs website --scanners vuln .
 
       - name: Build docker images
         run: |
@@ -308,7 +308,5 @@ jobs:
       - name: Run trivy on images
         run: |
           for img in "gatekeeper-e2e:latest" "gatekeeper-crds:latest"; do
-            for vuln_type in "os" "library"; do
-              trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${img}"
-            done
+              trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
           done
@@ -0,0 +1,3 @@
+# false positive due to prometheus versioning
+# https://github.com/aquasecurity/trivy/issues/2992
+CVE-2019-3826