fixup! feat: feat: add trivy vulnerability check

.github/workflows/check.yml

@@ -110,31 +110,27 @@ jobs:
           path: build/target/hale-studio-*macosx*.dmg
           retention-days: 14
 
-      - name: Set up Trivy
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y wget apt-transport-https gnupg lsb-release
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install -y trivy
-          trivy --version
-
       - name: Extract the archive file
         run: |
           mkdir -p extracted
           tar -xzf build/target/hale-studio-*linux*.tar.gz -C extracted
+ 
+      - name: Install Trivy
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y wget
+          wget https://github.com/aquasecurity/trivy/releases/latest/download/trivy_0.40.0_Linux-64bit.tar.gz
+          tar zxvf trivy_0.40.0_Linux-64bit.tar.gz
+          sudo mv trivy /usr/local/bin/
 
       - name: Run Trivy scan
         run: |
           trivy fs --severity CRITICAL,HIGH build/target/hale-studio-*linux* --format sarif --output trivy-results.sarif
 
-
-      - name: Upload Trivy scan results to file
-        uses: actions/upload-artifact@v2
+      - name: Upload Trivy SARIF report
+        uses: github/codeql-action/upload-sarif@v1
         with:
-          name: trivy-results
-          path: trivy-results.sarif    
+          sarif_file: trivy-results.sarif
 
       - name: Find artifact comment if it exists
         if: "! github.event.pull_request.head.repo.fork " # Only run with write permissions