From d30d79dd136af24203df8d53723b09fe52f42a79 Mon Sep 17 00:00:00 2001
From: Sergei Maertens
Date: Wed, 16 Oct 2024 15:10:59 +0200
Subject: [PATCH] :construction_worker: Backport #4750 to stable branches
(cherry picked from commit 70b33abd207e31634869df5ac95ef3491e113842)
---
 .github/workflows/ci.yml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6ced13f266..de1c58c11c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -407,16 +407,19 @@ jobs:
 uses: actions/download-artifact@v4
 with:
 name: docker-image-all-extensions-${{ needs.docker_build_setup.outputs.version }}
+
 - name: Scan image with Trivy
 uses: aquasecurity/trivy-action@master
 with:
- input: /github/workspace/image.tar # from download-artifact
+ input: ${{ github.workspace }}/image.tar # from download-artifact
 format: 'sarif'
 output: 'trivy-results-docker.sarif'
 ignore-unfixed: true
 env:
- # See https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2368662097
- ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # Uses the cache from trivy.yml workflow
+ TRIVY_SKIP_DB_UPDATE: true
+ TRIVY_SKIP_JAVA_DB_UPDATE: true
+
 - name: Upload results to GH Security tab
 uses: github/codeql-action/upload-sarif@v3
 with:
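Review bot: With `TRIVY_SKIP_DB_UPDATE: true` and `TRIVY_SKIP_JAVA_DB_UPDATE: true` in the `env:` of the Trivy step, the scan is only as current as the database cached by the trivy.yml workflow, and nothing visible in this hunk checks that the cache was restored or how old it is. A stale database would presumably still produce a clean-looking SARIF upload while missing recently published vulnerabilities, so the comment should state that assumption, e.g. `# Uses the DB cache populated by trivy.yml; results are only as fresh as that cache`. Separately, the step still runs `aquasecurity/trivy-action@master`, a mutable branch reference; pinning it to a reviewed commit, `uses: aquasecurity/trivy-action@<full-commit-sha>`, would keep unreviewed upstream changes from running in this job. The job definition starts and ends outside the hunk.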