Update scan-vulns.yaml

.github/workflows/scan-vulns.yaml

@@ -54,10 +54,15 @@ jobs:
           wget https://github.com/aquasecurity/trivy/releases/download/v${{ env.TRIVY_VERSION }}/trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
           tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
           echo "$(pwd)" >> $GITHUB_PATH
+      
+      - name: Set up trivy cache directory
+        run: |
+          mkdir -p ~/.cache/trivy
+          cp -r ${{ github.workspace }}/.cache/trivy ~/.cache/trivy
 
       - name: Run trivy on git repository
         run: |
-          trivy fs --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --format table --ignore-unfixed --scanners vuln .
+          trivy fs --skip-db-update --format table --ignore-unfixed --scanners vuln .
 
       - name: Build docker images
         run: |
@@ -66,10 +71,10 @@ jobs:
       - name: Run trivy on images for all severity
         run: |
           for img in "localbuild:test" "localbuildcrd:test"; do
-              trivy image --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --ignore-unfixed --vuln-type="os,library" "${img}"
+              trivy image --skip-db-update --ignore-unfixed --vuln-type="os,library" "${img}"
           done
       - name: Run trivy on images and exit on HIGH/CRITICAL severity
         run: |
           for img in "localbuild:test" "localbuildcrd:test"; do
-              trivy image --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --ignore-unfixed --exit-code 1 --severity HIGH,CRITICAL --vuln-type="os,library" "${img}"
+              trivy image --skip-db-update --ignore-unfixed --exit-code 1 --severity HIGH,CRITICAL --vuln-type="os,library" "${img}"
           done