From e94d96bed9faf338f168fe3553ea793194b727d1 Mon Sep 17 00:00:00 2001 From: Tomasz Gromadzki Date: Tue, 24 Sep 2024 08:03:48 +0200 Subject: [PATCH 1/3] Limit scope of changes that are monitored by Trivy scan Do not start Trivy scan if changes not related to dependencies. Run Trivy on daily bases. Required-githooks: true Signed-off-by: Tomasz Gromadzki --- .github/workflows/trivy.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index a9eec6447fd..324a6703dac 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -1,8 +1,19 @@ +# SPDX-License-Identifier: BSD-2-Clause-Patent +# Copyright (C) 2024 Intel Corporation. + name: Trivy scan on: + schedule: + - cron: '45 8 * * *' + pull_request: branches: ["master", "release/**"] + paths: + - '**/go.mod' + - '**/pom.xml' + - '**/requirements.txt' + - '**/*trivy*' # Declare default permissions as nothing. permissions: {} From 775db2c15bfc5d04b1ac914adbd895b286589187 Mon Sep 17 00:00:00 2001 From: Tomasz Gromadzki Date: Tue, 24 Sep 2024 08:00:49 +0200 Subject: [PATCH 2/3] Fix: remove unsupported option Required-githooks: true Signed-off-by: Tomasz Gromadzki --- utils/trivy/trivy.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/utils/trivy/trivy.yaml b/utils/trivy/trivy.yaml index 293f7b1ba9f..2d3119efd37 100644 --- a/utils/trivy/trivy.yaml +++ b/utils/trivy/trivy.yaml @@ -1,6 +1,5 @@ cache: - backend: fs - clear: false + backend: memory dir: redis: ca: "" From d85efeb188873df54befebd8f801e2107d430d03 Mon Sep 17 00:00:00 2001 From: Tomasz Gromadzki Date: Tue, 24 Sep 2024 08:46:28 +0200 Subject: [PATCH 3/3] Fix Required-githooks: true Signed-off-by: Tomasz Gromadzki --- .github/workflows/trivy.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 324a6703dac..5626790db70 100644 --- a/.github/workflows/trivy.yml 
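Review bot: The new `paths` filter under `pull_request` gates the PR-time scan on four manifest patterns, so a PR that changes any other input Trivy inspects — `go.sum`, a lockfile such as `package-lock.json` or `poetry.lock`, a `Dockerfile`, or an RPM `.spec` — merges unscanned and is only caught by the 08:45 schedule after the fact. I would extend the list to what this repository actually ships, e.g. `- '**/go.sum'`, `- '**/Dockerfile*'`, `- '**/*.spec'`, and put a comment above `paths:` naming the Trivy scanners (vuln, misconfig, secret) the list is meant to feed so the next manifest type is not forgotten. If this job is a required status check on `master`, be aware that a path-filtered workflow never reports for PRs outside the filter and those PRs cannot merge; GitHub's documented workaround is a same-named no-op job on the complementary `paths-ignore`. Finally, `schedule` only fires on the default branch, so the daily run does not cover `release/**` by itself.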
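Review bot: `backend: memory` means, as I read Trivy's cache options, that nothing persists on disk between invocations and the vulnerability DB is re-fetched from the registry on every run, so the scan now fails outright whenever that download is throttled or unreachable; since this is the only PR-time check, confirm the job treats that as a hard failure rather than a skipped scan, and consider pinning the DB repository. A comment above the key would record that the fs cache was dropped deliberately and not merely to get rid of `clear:`, e.g. `# memory: no on-disk cache; DB is downloaded per run (CI runners are ephemeral anyway)`. The `dir:` and `redis:` keys left below are presumably ignored by this backend — verify that before keeping them, since an empty `dir:` parses as null.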
+++ b/.github/workflows/trivy.yml @@ -7,8 +7,10 @@ on: schedule: - cron: '45 8 * * *' - pull_request: + push: branches: ["master", "release/**"] + + pull_request: paths: - '**/go.mod' - '**/pom.xml'
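Review bot: Splitting the trigger leaves `release/**` with weaker coverage than `master`: `schedule` fires only on the default branch, and the new `push` trigger scans a release branch only when it changes, so a CVE published against the pinned dependencies of a quiet release branch is never reported. If release branches are still supported, give the scheduled job a matrix over them (checking out `ref: ${{ matrix.branch }}`) or document the gap in a comment next to `schedule:`. Separately, `pull_request` no longer carries the `branches` filter, so PRs targeting any base branch now run the path-filtered scan; if that is intended, say so in a comment, otherwise restore `branches: ["master", "release/**"]` under `pull_request:` as well. The enclosing `on:` mapping begins before this hunk.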