From 34cae63718eef015dc31f5ce1afad8e507f0ec65 Mon Sep 17 00:00:00 2001
From: Bertrand Goareguer <bertrand.goareguer@gmail.com>
Date: Mon, 1 Jul 2024 15:03:41 +0000
Subject: [PATCH] fix(trivy): custom clean cache command

---
 templates/gitlab-ci-docker.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/gitlab-ci-docker.yml b/templates/gitlab-ci-docker.yml
index c399c43..c68a2ea 100644
--- a/templates/gitlab-ci-docker.yml
+++ b/templates/gitlab-ci-docker.yml
@@ -167,6 +167,9 @@ spec:
       - HIGH,CRITICAL
       - CRITICAL
       default: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
+    trivy-clean-cache-cmd:
+      description: Command used to clean the Trivy cache
+      default: clean --scan-cache
     trivy-args:
       description: Additional `trivy client` arguments
       default: --ignore-unfixed --vuln-type os --exit-on-eol 1
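Review bot: The description of the new `trivy-clean-cache-cmd` input does not say why it exists or what the alternative value is, so a user of an older Trivy image (where `clean` is not a subcommand) has to read the job script to discover the previous form. The removed line in the job hunk shows the former command was `image --clear-cache`; the description should name it so the input is self-explanatory, e.g. `description: Trivy subcommand and flags used to clean the scan cache before scanning (recent Trivy releases use the default; older images need `image --clear-cache`)`. It would also help to state that the value is appended to `trivy` as-is, since that is how the job consumes it.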
@@ -254,6 +257,7 @@ variables:
   DOCKER_TRIVY_SECURITY_LEVEL_THRESHOLD: $[[ inputs.trivy-security-level-threshold ]]
   DOCKER_TRIVY_IMAGE: $[[ inputs.trivy-image ]]
   DOCKER_TRIVY_ARGS: $[[ inputs.trivy-args ]]
+  DOCKER_TRIVY_CLEAN_CACHE_CMD: $[[ inputs.trivy-clean-cache-cmd ]]
   DOCKER_TRIVY_DB_REPOSITORY: $[[ inputs.trivy-db-repository ]]
   DOCKER_TRIVY_JAVA_DB_REPOSITORY: $[[ inputs.trivy-java-db-repository ]]
 
@@ -930,7 +934,7 @@ docker-trivy:
     TRIVY_CACHE_DIR: ".trivycache/"
   script: |
     # cache cleanup is needed when scanning images with the same tags, it does not remove the database
-    trivy image --clear-cache
+    trivy $DOCKER_TRIVY_CLEAN_CACHE_CMD
     export TRIVY_USERNAME=${DOCKER_REGISTRY_SNAPSHOT_USER:-${DOCKER_REGISTRY_USER:-$CI_REGISTRY_USER}}
     export TRIVY_PASSWORD=${DOCKER_REGISTRY_SNAPSHOT_PASSWORD:-${DOCKER_REGISTRY_PASSWORD:-$CI_REGISTRY_PASSWORD}}
     basename=$(echo "${DOCKER_SNAPSHOT_IMAGE}" | sed 's|[/:]|_|g')
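Review bot: `trivy $DOCKER_TRIVY_CLEAN_CACHE_CMD` depends on unquoted shell word splitting to turn the multi-word input into separate arguments, which a shellcheck-style linter will flag (SC2086) and which a later maintainer may "fix" by quoting, silently breaking the step; the intent should be recorded at the call site, e.g. `# intentionally unquoted: the input holds a subcommand plus flags and must be word-split`. An empty or whitespace-only input value leaves a bare `trivy` invocation, which presumably does not clean anything and may not fail the job, so consider guarding with `: "${DOCKER_TRIVY_CLEAN_CACHE_CMD:?trivy-clean-cache-cmd must not be empty}"` before the call. The `script` block continues past the end of this hunk.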
-- 
GitLab