WIP: clean the cache

As it stands now, Trivy isn't evaluating the source code, it's evaluating the cache which doesn't reflect the current situation of the tree. Signed-off-by: Claudio André <[email protected]>
openwall · Nov 21, 2024 · 83f0b25 · 83f0b25
1 parent eb02725
commit 83f0b25
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/trivy-scanfs.yml b/.github/workflows/trivy-scanfs.yml
@@ -53,13 +53,19 @@ jobs:
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Clean
+        id: data
+        run: |
+          rm -rf .cache/trivy
+
       - name: Security Scan
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
         with:
           scan-type: "fs"
-          scanners: vuln,secret,misconfig,license
+          scanners: vuln,misconfig,license
           skip-files: cloud-tool/security-group.tf # See #577
           exit-code: 1
+          cache: 'false'
         env:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
           TRIVY_USERNAME: ${{ github.actor }}