Merge pull request #61 from DiSSCo/hotfix/update-tables

update tables

.github/workflows/build.yaml

@@ -36,7 +36,7 @@ jobs:
         run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar 
                   -Dsonar.projectKey=DiSSCo_${{ github.event.repository.name }}
                   -Dsonar.exclusions=**/jooq/**
-                  -Dsonar.coverage.exclusions=**/properties/**,**/configuration/**,**/domain/**,**/exception/**,**/maven/**
+                  -Dsonar.coverage.exclusions=**/properties/**,**/configuration/**,**/maven/**
       - name: Login to Public ECR
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v1
@@ -47,28 +47,11 @@ jobs:
       - name: Build image
         run: |
           docker build -t ${{ github.event.repository.name }} .
-      - name: Trivy - List all vulnerabilities
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{ github.event.repository.name }}'
-          format: 'table'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-      - name: Trivy - Stop on Severe Vulnerabilities
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{ github.event.repository.name }}'
-          format: 'table'
-          ignore-unfixed: true
-          trivyignores: .github/workflows/.trivyignore
-          exit-code: '1'
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
         with:
-          images: public.ecr.aws/dissco/${{ github.event.repository.name }}
+          images: public.ecr.aws/m8w1i6p4/${{ github.event.repository.name }}
           tags: |
             type=sha
             type=raw,value=latest

.github/workflows/cache-trivy.yml

@@ -0,0 +1,31 @@
+name: Update Trivy Cache
+
+on:
+  schedule:
+    - cron: '0 0 * * *'  # Run daily at midnight UTC
+  workflow_dispatch:  # Allow manual triggering
+
+jobs:
+  update-trivy-db:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get current date
+        id: date
+        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
+      - name: Download and extract the Trivy vulnerability DB
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/.cache/trivy/db
+          oras pull ghcr.io/aquasecurity/trivy-db:2
+          tar -xzf db.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/db
+          rm db.tar.gz
+      - name: Download and extract the Trivy Java DB
+        run: |
+          mkdir -p $GITHUB_WORKSPACE/.cache/trivy/java-db
+          oras pull ghcr.io/aquasecurity/trivy-java-db:1
+          tar -xzf javadb.tar.gz -C $GITHUB_WORKSPACE/.cache/trivy/java-db
+          rm javadb.tar.gz
+      - name: Cache Trivy DBs
+        uses: actions/cache/save@v4
+        with:
+          path: ${{ github.workspace }}/.cache/trivy
+          key: cache-trivy-${{ steps.date.outputs.date }}