From a1de36ccff67bc406c2406b6b037f634f82a8ea3 Mon Sep 17 00:00:00 2001
From: Vishal Choudhary
Date: Mon, 7 Oct 2024 19:44:35 +0530
Subject: [PATCH 1/2] feat: bump chainsaw (#210)

Signed-off-by: Vishal Choudhary
---
 .github/workflows/conformance-tests.yaml | 2 +-
 .github/workflows/migration-tests.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/conformance-tests.yaml b/.github/workflows/conformance-tests.yaml
index 64916c3..df4fc39 100644
--- a/.github/workflows/conformance-tests.yaml
+++ b/.github/workflows/conformance-tests.yaml
@@ -92,7 +92,7 @@ jobs:
 set -e
 kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
 - name: Install Chainsaw
- uses: kyverno/action-install-chainsaw@d1a61148c0437a66760d11d8575332305c2234cb # v0.2.10
+ uses: kyverno/action-install-chainsaw@d311eacde764f806c9658574ff64c9c3b21f8397 # v0.2.11
 - name: Test with Chainsaw
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/migration-tests.yaml b/.github/workflows/migration-tests.yaml
index dfb1edc..33616db 100644
--- a/.github/workflows/migration-tests.yaml
+++ b/.github/workflows/migration-tests.yaml
@@ -107,7 +107,7 @@ jobs:
 set -e
 kubectl get apiservices v1alpha2.wgpolicyk8s.io v1.reports.kyverno.io
 - name: Install Chainsaw
- uses: kyverno/action-install-chainsaw@d1a61148c0437a66760d11d8575332305c2234cb # v0.2.10
+ uses: kyverno/action-install-chainsaw@d311eacde764f806c9658574ff64c9c3b21f8397 # v0.2.11
 - name: Test with Chainsaw
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
From 75ae7a911a481ff9868dcfcd84ba8ed71f50b8ac Mon Sep 17 00:00:00 2001
From: Vishal Choudhary
Date: Mon, 7 Oct 2024 19:48:57 +0530
Subject: [PATCH 2/2] fix: trivy failure in codeql action (#211)

* fix: trivy failure in codeql action
Signed-off-by: Vishal Choudhary
* feat: bump trivy
Signed-off-by: Vishal Choudhary
---------
Signed-off-by: Vishal Choudhary
---
 .github/workflows/codeql.yaml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 0d5a561..da8332e 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -27,7 +27,7 @@ jobs:
 with:
 fetch-depth: 0
 - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # v0.17.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
 with:
 scan-type: fs
 ignore-unfixed: false
@@ -37,8 +37,12 @@ jobs:
 scanners: vuln,secret
 exit-code: '0'
 vuln-type: os,library
+ env:
+ # Trivy is returning TOOMANYREQUESTS
+ # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+ TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
 with:
 sarif_file: trivy-results.sarif
- category: code
\ No newline at end of file
+ category: code
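Review bot: The `env:` block added to the Trivy step in the second codeql.yaml hunk overrides only `TRIVY_DB_REPOSITORY`, so a Java DB download, if the scan ever needs one, would presumably still go to the default registry and could hit the same TOOMANYREQUESTS limit. If JVM artifacts can appear in the repo, add `TRIVY_JAVA_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-java-db:1'` next to it. The comment states the symptom but not that this is a workaround, so I would extend it with something like `# Workaround: drop once the default trivy-db registry stops rate-limiting`. Scan results now depend on how fresh the ECR mirror is, and because the step keeps `exit-code: '0'`, findings never gate the job, so a lagging mirror would go unnoticed unless someone checks the DB timestamp in the step log.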