feat(security-actions/scan-docker-image): bump trivy 0.57.1 to use up…

…dated mirror for `trivy-db` and `trivy-java-db`

feat(security-actions/scan-docker-image): use existing token input with default

.github/workflows/docker-image-scan.yml

@@ -64,6 +64,8 @@ jobs:
         asset_prefix: kong-gateway-dev-linux-amd64
         image: ${{env.IMAGE}}@${{ steps.image_manifest_metadata.outputs.amd64_sha }}
         skip_cis_scan: false
+        trivy_db_cache: kong/trivy-db-mirror@main
+
 
     - name: Scan ARM64 Image digest
       if: steps.image_manifest_metadata.outputs.manifest_list_exists == 'true' && steps.image_manifest_metadata.outputs.arm64_sha != ''
@@ -75,6 +77,7 @@ jobs:
         upload-sbom-release-assets: true
         skip_cis_scan: false
 
+
   test-download-sbom:
     if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
     name: Download SBOM

security-actions/scan-docker-image/action.yml

@@ -70,9 +70,9 @@ inputs:
   trivy_db_cache:
     description: 'GitHub repository containing Trivy DB cache (format: owner/repo@ref). Database should be named `db.tar.gz` on the default branch.'
     required: false
-  trivy_db_cache_token:
-    description: 'Token for accessing `trivy_db_cache`.'
-    required: false
+  # trivy_db_cache_token:
+  #   description: 'Token for accessing `trivy_db_cache`.'
+  #   required: false
 
 outputs:
   cis-json-report:
@@ -318,10 +318,13 @@ runs:
         echo "repository=${REPO}" >> $GITHUB_OUTPUT
         echo "ref=${REF}" >> $GITHUB_OUTPUT
 
+      # Issue: https://github.com/aquasecurity/trivy/issues/7938
+      # Discussion: https://github.com/aquasecurity/trivy/discussions/7668
+      # Fix: Refer https://github.com/aquasecurity/trivy/discussions/7951 usign mirror.gcr.io 
     - name: Install Trivy
       shell: bash
       run: |
-        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.55.2
+        curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.57.1
 
     - name: Checkout Trivy DB cache
       if: inputs.trivy_db_cache != ''
@@ -330,7 +333,7 @@ runs:
         repository: ${{ steps.parse_cache.outputs.repository }}
         ref: ${{ steps.parse_cache.outputs.ref }}
         path: trivy-db-cache
-        token: ${{ inputs.trivy_db_cache_token }}
+        token: ${{ inputs.github-token }}
 
     - name: Setup Trivy DB from cache
       if: inputs.trivy_db_cache != ''
@@ -345,6 +348,8 @@ runs:
         cd ..
         rm -rf trivy-db-cache
 
+    # Issue: https://github.com/aquasecurity/trivy/issues/7938
+    # Fix: Refer https://github.com/aquasecurity/trivy/discussions/7951 usign mirror.gcr.io 
     - name: Generate docker-cis JSON report
       if: ${{ inputs.skip_cis_scan != 'true' && steps.meta.outputs.scan_image != '' }}
       id: cis_json