Fixing github actions jobs

.github/workflows/cve-scan.yml

@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Build image
         id: build
         run: |
@@ -24,8 +24,15 @@ jobs:
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ steps.build.outputs.image }}
-          format: table
-          exit-code: "1"
+          format: cyclonedx
           ignore-unfixed: true
           vuln-type: os,library
-          severity: CRITICAL,HIGH
+          severity: CRITICAL,HIGH
+          scanners: 'vuln'
+          output: 'project.sbom.json'
+      - name: Upload trivy report as a Github artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-sbom-report
+          path: '${{ github.workspace }}/project.sbom.json'
+          retention-days: 1

.github/workflows/test.yml

@@ -6,14 +6,14 @@ on:
       - '**'
 
 permissions:
-  content: read
+  contents: read
 
 jobs:
   test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: action/checkout@v4
+        uses: actions/checkout@v4
       - name: Setup Golang
         uses: actions/setup-go@v4
         with:

go.mod

@@ -2,6 +2,6 @@ module github.com/knabben/cve-poc
 
 go 1.21
 
-require golang.org/x/net v0.21.0
+require golang.org/x/net v0.6.0
 
 require golang.org/x/text v0.14.0 // indirect

go.sum

@@ -1,4 +1,4 @@
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=