From d5d9c5b6f81814de4cf411aee7838fabc60892fc Mon Sep 17 00:00:00 2001
From: Daniel Jiang <daniel.jiang@broadcom.com>
Date: Wed, 9 Oct 2024 14:22:23 +0800
Subject: [PATCH] bump up to trivy v0.56.1

Signed-off-by: Daniel Jiang <daniel.jiang@broadcom.com>
---
 Dockerfile                       | 2 +-
 Dockerfile.dev                   | 6 ++++--
 go.sum                           | 1 +
 test/component/component_test.go | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 8fd00710..0b484ec8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # That's the only place where you're supposed to specify version of Trivy.
-ARG TRIVY_VERSION=0.54.1
+ARG TRIVY_VERSION=0.56.1
 
 FROM aquasec/trivy:${TRIVY_VERSION}
 
diff --git a/Dockerfile.dev b/Dockerfile.dev
index beb3a2be..f9c68d36 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -1,8 +1,8 @@
 # That's the only place where you're supposed to specify version of Trivy.
-ARG TRIVY_VERSION=0.46.0
+ARG TRIVY_VERSION=0.56.1
 ARG SKAFFOLD_GO_GCFLAGS
 
-FROM golang:1.21-alpine AS builder
+FROM golang:1.22 AS builder
 
 WORKDIR /go/src/github.com/aquasecurity/harbor-scanner-trivy
 
@@ -30,4 +30,6 @@ COPY --from=builder /go/src/github.com/aquasecurity/harbor-scanner-trivy/scanner
 
 ENV TRIVY_VERSION=${TRIVY_VERSION}
 
+USER scanner
+
 ENTRYPOINT ["/home/scanner/bin/scanner-trivy"]
diff --git a/go.sum b/go.sum
index 3e72081d..bf33dd02 100644
--- a/go.sum
+++ b/go.sum
@@ -94,6 +94,7 @@ github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
 github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
+github.com/imdario/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
diff --git a/test/component/component_test.go b/test/component/component_test.go
index c32f7260..f3c0896d 100644
--- a/test/component/component_test.go
+++ b/test/component/component_test.go
@@ -26,7 +26,7 @@ var (
 	trivyScanner = harbor.Scanner{
 		Name:    "Trivy",
 		Vendor:  "Aqua Security",
-		Version: "0.54.1",
+		Version: "0.56.1",
 	}
 )