From 3a1b2781a6cab5f32ab2291c9b707abc3ff67772 Mon Sep 17 00:00:00 2001
From: codex <codex@bstein.dev>
Date: Tue, 21 Apr 2026 22:50:25 -0300
Subject: [PATCH] ci(soteria): use preloaded quality scanner image

---
 Jenkinsfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 3edf576..7e247b8 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -36,7 +36,7 @@ spec:
         - name: workspace-volume
           mountPath: /home/jenkins/agent
     - name: quality-tools
-      image: registry.bstein.dev/bstein/quality-tools:sonar8.0.1-trivy0.70.0-arm64
+      image: registry.bstein.dev/bstein/quality-tools:sonar8.0.1-trivy0.70.0-db20260422-arm64
       command:
         - cat
       tty: true
@@ -119,7 +119,7 @@ spec:
             set +e
             sonar-scanner "${args[@]}" | tee build/sonar-scanner.log
             sonar_rc=${PIPESTATUS[0]}
-            trivy fs --no-progress --format json --output build/trivy-fs.json --scanners vuln,secret,misconfig --severity HIGH,CRITICAL .
+            trivy fs --cache-dir "${TRIVY_CACHE_DIR}" --skip-db-update --timeout 5m --no-progress --format json --output build/trivy-fs.json --scanners vuln,secret,misconfig --severity HIGH,CRITICAL .
             trivy_rc=$?
             set -e
             printf '%s\n' "${sonar_rc}" > build/sonarqube-analysis.rc