From 76107116c60e893ddc9b920e93ddc7c7754d94d7 Mon Sep 17 00:00:00 2001
From: za
Date: Mon, 16 Dec 2024 19:02:35 +0700
Subject: [PATCH] Replace tfsec with trivy on github workflows and renovate.json because tfsec is no longer updated
Issue: https://github.com/OWASP/wrongsecrets/issues/1764
---
 .github/workflows/pre-commit.yml | 7 +++----
 renovate.json | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 8c6d99136..42e7cf1ab 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -54,11 +54,10 @@ jobs:
 tar -zxvf terraform_docs.tar.gz terraform-docs
 chmod +x terraform-docs
 mv terraform-docs /usr/local/bin/
- - name: Setup tfsec
+ - name: Setup trivy
 run: |
- curl --output tfsec https://github.com/aquasecurity/tfsec/releases/download/${{env.TFSEC_VERSION}}/tfsec-linux-amd64
- chmod +x tfsec
- mv tfsec /usr/local/bin/
+ curl --output trivy https://github.com/aquasecurity/trivy/releases/download/v${{env.TRIVY_VERSION}}/trivy_{{env.TRIVY_VERSION}}_Linux-64bit.deb
+ sudo dpkg -i trivy.deb
 - name: Pre-commit checks
 uses: pre-commit/action@v3.0.1
 - name: pre-commit-ci-lite
diff --git a/renovate.json b/renovate.json
index 86c870091..9595b3d2d 100644
--- a/renovate.json
+++ b/renovate.json
@@ -28,9 +28,9 @@
 {
 "customType": "regex",
 "fileMatch": ".github/workflows/pre-commit.yml",
- "depNameTemplate": "aquasecurity/tfsec",
+ "depNameTemplate": "aquasecurity/trivy",
 "matchStrings": [
- "TFSEC_VERSION=\"(?.*?)\""
+ "TRIVY_VERSION=\"(?.*?)\""
 ],
 "datasourceTemplate": "github-releases"
 },
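Review bot: The new `Setup trivy` step cannot install what it downloads: curl writes to `trivy` while `dpkg -i` reads `trivy.deb`, the second interpolation `{{env.TRIVY_VERSION}}` lacks its `$` so the literal text ends up in the URL, and without `-L`/`--fail` a release redirect or a 404 body would be saved as the file instead of failing the step. I would change the download line to `curl -fsSL --output trivy.deb https://github.com/aquasecurity/trivy/releases/download/v${{env.TRIVY_VERSION}}/trivy_${{env.TRIVY_VERSION}}_Linux-64bit.deb`. Because the package is then installed with sudo, the step should also verify it against the release's published checksums file (for example with `sha256sum -c`) before `dpkg -i` runs. The diffstat shows this is the only hunk in the workflow, so `TRIVY_VERSION` is not defined by this commit; confirm it already exists in the workflow's `env`, which lies outside the hunk.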
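Review bot: The `matchStrings` pattern now looks for `TRIVY_VERSION="..."` in `.github/workflows/pre-commit.yml`, but this commit's only change to that file is the Setup step, so unless the variable is already declared there in exactly that `NAME="value"` form Renovate will match nothing and the pinned scanner version will quietly stop being updated. A YAML `env:` entry would normally be written `TRIVY_VERSION: value` and would not match this pattern, so the declaration and the regex should be checked against each other. As rendered here the capture group reads `(?.*?)`; Renovate's regex manager needs a named `currentValue` group, so confirm the file actually contains `(?<currentValue>.*?)` and that the missing name is only a display artifact.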