fix(trivy): fixes to trivy config syntax

.github/workflows/build-images-from-branch.yml

@@ -33,12 +33,20 @@ jobs:
           ref: '${{ github.event.inputs.branch_name }}'
 
       - uses: actions/checkout@v4
-        if: github.event_name == 'push' || github.event_name == 'pull_request'
+        if: github.event_name == 'push'
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - uses: actions/checkout@v4
+        if: github.event_name == 'pull_request'
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Set version and branch
         id: set-version-and-branch
         run: |
           export VERSION=`git log -1 --pretty=format:%h`
+          echo "Pushing version $VERSION"
           echo "version=$VERSION" >> $GITHUB_OUTPUT
           if [ "${{ github.event_name }}" == 'push' ]; then
             BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}
@@ -48,6 +56,7 @@ jobs:
             BRANCH=${{ inputs.branch_name }}
           fi
           ESCAPED_BRANCH=$(echo $BRANCH | sed 's/[^a-zA-Z0-9_.-]/-/g')
+          echo "from branch $BRANCH"
           echo "branch=$ESCAPED_BRANCH" >> $GITHUB_OUTPUT
 
       - name: Get list of services

trivy.yaml

@@ -20,6 +20,8 @@ scan:
     - sequence-diagrams
     - usr/local/share/.cache/yarn/v6/
     - home/node/.cache/yarn/v6
+  skip-files:
+    - '**/*.dockerignore'
   scanners:
     - vuln
     - misconfig
@@ -28,8 +30,7 @@ vulnerability:
   ignore-unfixed: true
 db:
   repository: 'ghcr.io/opencrvs/trivy-db'
-java:
-  db:
-    repository: 'ghcr.io/opencrvs/trivy-java-db'
+  java-repository: 'ghcr.io/opencrvs/trivy-java-db'
+
 policies-bundle:
   repository: 'ghcr.io/opencrvs/trivy-checks'