From 5a34cf916f025e80783c7cd744bf7d23807b552f Mon Sep 17 00:00:00 2001
From: Guy Owen
Date: Thu, 15 Aug 2024 15:27:24 +1000
Subject: [PATCH 1/2] [DDS-2006] Updated base branch for scan for 6.x
---
.../workflows/vulnerability-scan-schedule.yml | 25 +++----------------
1 file changed, 3 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/vulnerability-scan-schedule.yml b/.github/workflows/vulnerability-scan-schedule.yml
index 69a77ee0..cdeaacbf 100644
--- a/.github/workflows/vulnerability-scan-schedule.yml
+++ b/.github/workflows/vulnerability-scan-schedule.yml
@@ -12,29 +12,10 @@ jobs:
strategy:
matrix:
images: ${{ fromJson(vars.IMAGES) }}
- branches: ${{ fromJson(vars.BRANCHES) }}
- exclude:
- - images: ci-builder
- branches: 4.x
- - images: clamav
- branches: 4.x
- - images: elasticsearch
- branches: 4.x
- - images: mailhog
- branches: 4.x
- - images: mariadb
- branches: 4.x
- - images: nginx
- branches: 4.x
- - images: php-cli
- branches: 4.x
- - images: php-fpm
- branches: 4.x
- - images: ripple-static
- branches: 4.x
- - images: mailpit
- branches: 5.x
steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: 6.x
- name: Scan for vulnerabilities
id: scan
uses: crazy-max/ghaction-container-scan@v3
From 81f79bcabed6204565c603c34f0b9b89ef6ad39c Mon Sep 17 00:00:00 2001
From: Guy Owen
Date: Thu, 15 Aug 2024 16:55:03 +1000
Subject: [PATCH 2/2] [DDS-2006] Added separate vul10y workflows for 5.x and 6.x
---
.../vulnerability-scan-schedule-5x.yml | 31 +++++++++++++++++++
...yml => vulnerability-scan-schedule-6x.yml} | 0
2 files changed, 31 insertions(+)
create mode 100644 .github/workflows/vulnerability-scan-schedule-5x.yml
rename .github/workflows/{vulnerability-scan-schedule.yml => vulnerability-scan-schedule-6x.yml} (100%)
diff --git a/.github/workflows/vulnerability-scan-schedule-5x.yml b/.github/workflows/vulnerability-scan-schedule-5x.yml
new file mode 100644
index 00000000..8eeef375
--- /dev/null
+++ b/.github/workflows/vulnerability-scan-schedule-5x.yml
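Review bot: The added `ref: 6.x` checkout only changes which `dockerfile:` is read; the `branches` matrix dimension removed above was also what supplied the image tag, and the scan step's `image:` line sits just below this hunk and is left untouched. The 5.x copy added in the next commit still ends its image reference with `:${{matrix.branches}}`, and since this file is then renamed at 100% similarity it presumably carries the same expression, which with no `branches` key now resolves to an empty tag. Either put a literal tag in the scan step, `image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:6.x`, or keep a one-element matrix such as `branches: ['6.x']` so `matrix.branches` stays defined. The job body continues past the end of the hunk. The same applies to the `vulnerability-scan-schedule-5x.yml` hunk in the second commit.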
@@ -0,0 +1,31 @@
+name: vulnerability-scan-schedule
+run-name: Scheduled CVE vulnerability scan of published images.
+env:
+ REGISTRY: ghcr.io
+on:
+ schedule:
+ - cron: '0 22 * * 3'
+jobs:
+ vulnerability-scan-schedule:
+ if: github.event_name == 'schedule'
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ images: ${{ fromJson(vars.IMAGES) }}
+ exclude:
+ - images: mailpit
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: 5.x
+ - name: Scan for vulnerabilities
+ id: scan
+ uses: crazy-max/ghaction-container-scan@v3
+ with:
+ image: ${{ env.REGISTRY }}/${{ github.repository }}/${{ matrix.images }}:${{matrix.branches}}
+ dockerfile: ./images/${{ matrix.images }}
+ - name: Upload SARIF file
+ if: ${{ steps.scan.outputs.sarif != '' }}
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/.github/workflows/vulnerability-scan-schedule.yml b/.github/workflows/vulnerability-scan-schedule-6x.yml
similarity index 100%
rename from .github/workflows/vulnerability-scan-schedule.yml
rename to .github/workflows/vulnerability-scan-schedule-6x.yml
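Review bot: The `upload-sarif` step needs the `security-events: write` permission, but the new workflow declares no `permissions:` block, so the job runs with whatever the repository's default GITHUB_TOKEN grant happens to be and the upload fails wherever that default is read-only; add a top-level `permissions:` block granting `contents: read` and `security-events: write` so the token scope is explicit and minimal rather than inherited. The two third-party actions, `crazy-max/ghaction-container-scan@v3` and `github/codeql-action/upload-sarif@v2`, are pinned to mutable tags; pinning each to a full commit SHA with the tag in a trailing comment gives the scanning pipeline itself an immutable supply chain, and `upload-sarif@v2` is the older major line (`@v3` is current). `name: vulnerability-scan-schedule` is the same name the renamed 6.x file presumably keeps, so the two scheduled runs are indistinguishable in the Actions and Security views; `name: vulnerability-scan-schedule-5x` avoids that. The `if: github.event_name == 'schedule'` guard is redundant with an `on:` that lists only `schedule`.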