sourcefuse · piyushsinghgaur1 · Mar 9, 2026
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -13,17 +13,21 @@ on:
 jobs:
   # This workflow contains a single job called "trivy"
   trivy:
-    # The type of runner that the job will run on
-    runs-on: [self-hosted, linux, codebuild]
+    runs-on: ubuntu-latest
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.28.0
-        with:
-          scan-type: "fs"
-          scan-ref: "${{ github.workspace }}"
-          trivy-config: "${{ github.workspace }}/trivy.yml"
+      - name: Install Trivy
+        run: |
+          sudo apt-get install -y wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
+          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb generic main" | sudo tee /etc/apt/sources.list.d/trivy.list
+          sudo apt-get update -qq
+          sudo apt-get install -y trivy
+          trivy --version
+
+      - name: Run Trivy vulnerability scanner (fs)
+        run: |
+          trivy fs . --config "${{ github.workspace }}/trivy.yml"