Fix trivy scan and update (#88)

* fix trivy scan and update

* fix trivy scan and update

Author: zodilib

.github/workflows/autoupdate-pre-commit.yaml

@@ -7,7 +7,7 @@ on:
   # on demand
   workflow_dispatch:
 
-# Request from Org admin to allow Github Action workflow to make PR under Settings > Actions > General 
+# Request from Org admin to allow Github Action workflow to make PR under Settings > Actions > General
 permissions:
   actions: read
   checks: read

.github/workflows/sonarqube.yaml

@@ -23,7 +23,7 @@ jobs:
   build:
     name: Build
     runs-on:
-      - ${{ inputs.default_runner_override_label }} 
+      - ${{ inputs.default_runner_override_label }}
       - ${{ inputs.runner_label }}
     steps:
       - uses: actions/checkout@v2

.github/workflows/terraform.yaml

@@ -322,13 +322,13 @@ jobs:
           submodules: ${{ inputs.enable_submodules }}
 
       - name: Run Trivy vulnerability scanner in IaC mode
-        uses: aquasecurity/trivy-action@0.19.0
+        uses: aquasecurity/trivy-action@0.20.0
         with:
-          scan-type: 'config'
+          scan-type: 'fs'
           hide-progress: false
           format: 'sarif'
           output: 'trivy-results.sarif'
-          exit-code: '0'
+          exit-code: '1'
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH'