From c65d1a6b4474d430e28b454e3c1b6f434606a5d5 Mon Sep 17 00:00:00 2001
From: ruigomescx
Date: Tue, 18 Feb 2025 15:55:38 +0000
Subject: [PATCH 1/2] update images
---
 .github/workflows/ast-scan.yml | 2 +-
 .../{update-trivy-cron.yml => update-trivy-cache.yml} | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
 rename .github/workflows/{update-trivy-cron.yml => update-trivy-cache.yml} (66%)
diff --git a/.github/workflows/ast-scan.yml b/.github/workflows/ast-scan.yml
index 91e3f354..805a6348 100644
--- a/.github/workflows/ast-scan.yml
+++ b/.github/workflows/ast-scan.yml
@@ -7,7 +7,7 @@ on:
 branches:
 - main
 schedule:
- - cron: '30 9 * * *'
+ - cron: '00 7 * * *'
 jobs:
 cx-scan:
diff --git a/.github/workflows/update-trivy-cron.yml b/.github/workflows/update-trivy-cache.yml
similarity index 66%
rename from .github/workflows/update-trivy-cron.yml
rename to .github/workflows/update-trivy-cache.yml
index 3c41bab1..394ceb53 100644
--- a/.github/workflows/update-trivy-cron.yml
+++ b/.github/workflows/update-trivy-cache.yml
@@ -1,16 +1,18 @@
+# Note: This workflow only updates the cache. You should create a separate workflow for your actual Trivy scans.
+# In your scan workflow, set TRIVY_SKIP_DB_UPDATE=true and TRIVY_SKIP_JAVA_DB_UPDATE=true.
 name: Update Trivy Cache
 on:
 schedule:
- - cron: '0 0 * * *' # Run daily at midnight UTC
- workflow_dispatch: # Allow manual triggering
+ - cron: '0 0 * * *' # Run daily at midnight UTC
+ workflow_dispatch: # Allow manual triggering
 jobs:
 update-trivy-db:
 runs-on: ubuntu-latest
 steps:
 - name: Setup oras
- uses: oras-project/setup-oras@9c92598691bfef1424de2f8fae81941568f5889c # v1.2.1
+ uses: oras-project/setup-oras@5c0b487ce3fe0ce3ab0d034e63669e426e294e4d #v1.2.2
 - name: Get current date
 id: date
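Review bot: The new side of update-trivy-cache.yml still declares no `permissions:` block — the hunk starts at line 1 and goes straight from `on:` to `jobs:`, and the job from `runs-on:` to `steps:` — so the cache-population job runs with whatever GITHUB_TOKEN grant the repository defaults to, which is more than a job that only pulls DBs with oras and saves them with actions/cache needs. Add `permissions:` / `  contents: read` at top level (cache save/restore does not depend on GITHUB_TOKEN scopes, so this should be sufficient — confirm on the next scheduled run) so a compromised step cannot write to the repository. Separately, the new pin comment `#v1.2.2` drops the space that the previous `# v1.2.1` had; if Dependabot or Renovate is reading that comment to track the pinned version, keep the `# vX.Y.Z` form. The setup-oras SHA-to-tag mapping itself cannot be verified from the diff and should be checked against the upstream release. The 'Get current date' step continues past the end of the hunk.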
@@ -31,7 +33,7 @@ jobs:
 rm javadb.tar.gz
 - name: Cache DBs
- uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.2.1
+ uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57 #v4.2.0
 with:
 path: ${{ github.workspace }}/.cache/trivy
 key: cache-trivy-${{ steps.date.outputs.date }}
\ No newline at end of file
From 00ded1756cd58331857c8360f2dad173bcdaad0d Mon Sep 17 00:00:00 2001
From: ruigomescx
Date: Tue, 18 Feb 2025 16:00:23 +0000
Subject: [PATCH 2/2] update go and git images
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 12bbee32..9fc998a3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
 # and "Missing User Instruction" since 2ms container is stopped after scan
 # Builder image
-FROM cgr.dev/chainguard/go@sha256:36fee4a2334d13bbf585ad2225ea1ca99fe65de366022e561ac157de26fd5ed6 AS builder
+FROM cgr.dev/chainguard/go@sha256:2453e92671fb693999e65fde99bbd5744b120b7dd70f3f7c7b220e185ec35050 AS builder
 WORKDIR /app
@@ -20,7 +20,7 @@ COPY . .
 RUN GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -a -o /app/2ms .
 # Runtime image
-FROM cgr.dev/chainguard/git@sha256:1169e026c3296ffa346bc2035f08a3397a22cc72753669a943435518022fd270
+FROM cgr.dev/chainguard/git@sha256:9e3ec4c4f1465ac810a7e4335d458582c43ad4e8dbaf8ab3a74f8f2a7fdffec2
 WORKDIR /app
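Review bot: Per the pin comments on the two `uses: actions/cache/save@…` lines, this hunk moves the action from `# v4.2.1` to `#v4.2.0`, which is a downgrade in a commit titled "update images", and nothing in the patch says why. Unless the older release is needed on purpose, keep `uses: actions/cache/save@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.2.1`; in either case the SHA-to-tag mapping cannot be checked from the diff and should be confirmed against the upstream release before merging. Keep the `# vX.Y.Z` comment form with the space, as the earlier pin had it, so the pins stay consistent for whatever tooling reads them. The file also still ends with `\ No newline at end of file`; since this hunk already touches the last line, adding the trailing newline is free. The enclosing `update-trivy-db` job starts outside the hunk.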