diff --git a/.github/workflows/.trivyignore b/.github/workflows/.trivyignore
index ac5f315..4f7c69f 100644
--- a/.github/workflows/.trivyignore
+++ b/.github/workflows/.trivyignore
@@ -1,15 +1,3 @@
-# Feb 27, 2026
-# Issue with libpng, alpine image
-CVE-2026-25646
-
-# March 9, 2026
-# Issue with zlib, alpine image
-CVE-2026-22184
-
-# April 7, 2026
-# Issue with libpng, alpine image
-CVE-2026-33416
-
-# April 7, 2026
-# Issue with libpng, alpine image
-CVE-2026-33636
\ No newline at end of file
+# May 6, 2026
+# Issue with postgresql, spring boot should update version
+CVE-2026-42198
\ No newline at end of file
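Review bot: The new `CVE-2026-42198` entry carries no expiry, so the suppression stays in force indefinitely and would keep hiding the finding even after a fixed postgresql driver is available. Trivy's ignore file accepts an expiry on the entry, e.g. `CVE-2026-42198 exp:<YYYY-MM-DD>`, which makes the scan report it again on that date and forces a re-check. The comment says Spring Boot should update the version, and this same commit bumps the parent to 4.0.6 in pom.xml; it is worth confirming whether 4.0.6 already pulls a fixed driver, in which case the entry may not be needed at all.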
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index bb39e9c..0c3d574 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,7 +6,7 @@ on:
pull_request:
types: [opened, synchronize, reopened]
schedule:
- - cron: "0 4 * * MON" # run on Monday at 4 AM
+ - cron: "0 3 1 * *" # At 3:00 on the 1st day of the month
workflow_dispatch: # Allow manual triggering
jobs:
build:
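Review bot: Changing the schedule to `cron: "0 3 1 * *"` stretches the only time-based scan from weekly to monthly, so a CVE published against the base image or a dependency can sit unreported for up to a month when the repository has no pull-request activity. If the aim is to cut build minutes, consider keeping the weekly cadence, `- cron: "0 4 * * MON"`, for the image scan and moving only the expensive steps to the monthly slot, or record the accepted detection delay in the inline comment. The `on:` block starts above this hunk, so other triggers may exist that are not visible here.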
@@ -45,7 +45,7 @@ jobs:
run: |
docker build -t ${{ github.event.repository.name }} .
- name: Trivy - List all vulnerabilities
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@v0.35.0
with:
image-ref: '${{ github.event.repository.name }}'
format: 'table'
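Review bot: `aquasecurity/trivy-action@v0.35.0` is still a mutable reference, because a tag can be re-pointed to a different commit by anyone with push access to the action's repository, and the step runs inside the build job with whatever token and secrets that job exposes. Pinning to the full commit SHA with the version as a trailing comment, `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.35.0`, fixes exactly which code runs; the same applies to the second step, `Trivy - Stop on Severe Vulnerabilities`, in the next hunk. Dependabot or Renovate can keep SHA pins current. The job's steps begin above this hunk, so other `uses:` lines there are not visible and may need the same treatment.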
@@ -55,7 +55,7 @@ jobs:
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
- name: Trivy - Stop on Severe Vulnerabilities
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@v0.35.0
if: github.event_name != 'push'
with:
image-ref: '${{ github.event.repository.name }}'
diff --git a/pom.xml b/pom.xml
index f084d10..7785bfb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
org.springframework.boot
spring-boot-starter-parent
- 4.0.5
+ 4.0.6
eu.dissco