Interact with the Trivy cache only once per workflow

Issue: PGO-1893
CrunchyData · Nov 4, 2024 · c7f5e99 · c7f5e99
1 parent 261be8b
commit c7f5e99
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -51,6 +51,9 @@ jobs:
           scan-type: filesystem
           hide-progress: true
           scanners: secret,vuln
+          # Manage the cache only once during this workflow.
+          # - https://github.com/aquasecurity/trivy-action#cache
+          cache: true
 
       # Produce a SARIF report of actionable results. This step fails only when
       # Trivy is unable to scan.
@@ -62,6 +65,9 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           scanners: secret,vuln
+          # Use the cache downloaded in a prior step.
+          # - https://github.com/aquasecurity/trivy-action#cache
+          cache: false
 
       # Submit the SARIF report to GitHub code scanning. Pull requests checks
       # succeed or fail according to branch protection rules.