From f2468f1f93074d4f2e56ef1a1dffa9293ee86da1 Mon Sep 17 00:00:00 2001
From: Pierre Riteau <pierre@stackhpc.com>
Date: Tue, 9 Sep 2025 15:27:27 +0200
Subject: [PATCH 1/2] Bump Trivy to v0.66.0

---
 .github/workflows/stackhpc-container-image-build.yml | 2 +-
 tools/scan-images.sh                                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/stackhpc-container-image-build.yml b/.github/workflows/stackhpc-container-image-build.yml
index b35dd20d41..3844c3622f 100644
--- a/.github/workflows/stackhpc-container-image-build.yml
+++ b/.github/workflows/stackhpc-container-image-build.yml
@@ -155,7 +155,7 @@ jobs:
 
       - name: Install Trivy
         run: |
-          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.62.1
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.66.0
 
       - name: Install yq
         run: |
diff --git a/tools/scan-images.sh b/tools/scan-images.sh
index feba9bbc5f..8b678b5d8c 100755
--- a/tools/scan-images.sh
+++ b/tools/scan-images.sh
@@ -22,7 +22,7 @@ usage() {
 # Check dependencies are installed, print installation instructions otherwise
 check_deps_installed() {
   if ! trivy --version > /dev/null; then
-    echo 'Please install trivy: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.62.1'
+    echo 'Please install trivy: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.66.0'
     exit 1
   fi
   if ! yq --version > /dev/null; then

From f0211068a51a45d36ad9387139ef9b654d5ca8ff Mon Sep 17 00:00:00 2001
From: Pierre Riteau <pierre@stackhpc.com>
Date: Tue, 9 Sep 2025 15:39:28 +0200
Subject: [PATCH 2/2] Disable Trivy telemetry and version check

---
 tools/scan-images.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/scan-images.sh b/tools/scan-images.sh
index 8b678b5d8c..ca31350fb8 100755
--- a/tools/scan-images.sh
+++ b/tools/scan-images.sh
@@ -1,6 +1,11 @@
 #!/usr/bin/env bash
 set -eo pipefail
 
+# Disable telemetry and version check:
+# https://github.com/aquasecurity/trivy/discussions/8945
+export TRIVY_DISABLE_TELEMETRY=true
+export TRIVY_SKIP_VERSION_CHECK=true
+
 # Global variables
 scan_common_args=" \
                   --exit-code 1 \