update trivy and cache trivy DB

action.yml

@@ -56,7 +56,7 @@ runs:
       uses: jaxxstorm/action-install-gh-release@25d5e2dd555cd74f1fab9ac1e6ea117acde2c0c4 # v1.12.0
       with:
         repo: CycloneDX/cyclonedx-cli
-        tag: v0.25.1 # optional, otherwise use latest
+        tag: v0.27.1 # optional, otherwise use latest
 
         # extension-matching: disable # disable extension matching because artifacts are binaries
 
@@ -90,17 +90,27 @@ runs:
     # Scan for security vulnerabilities
     #
 
+    - name: Restore trivy cache
+      id: cache-trivy-restore
+      uses: actions/cache/restore@v4
+      with:
+        path: .trivy
+        key: ${{ runner.os }}-trivy-${{ github.job }}-${{ github.run_id }}
+        restore-keys: |
+            ${{ runner.os }}-trivy-
+
       # https://github.com/aquasecurity/trivy-action
       # Approach based on https://github.com/aquasecurity/trivy-action/issues/173#issuecomment-1497774518
     - name: Create SBOM
       if: "${{ inputs.scan-ref == '' }}"
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
       with:
         image-ref: '${{ inputs.image-ref }}'
         scan-type: "${{ inputs.image-ref != '' && 'image' || 'fs' }}"
         format: 'cyclonedx' # spdx-json
         template: '@/contrib/junit.tpl'
         output: "${{ env.REPORT_SLUG }}-sbom.json"
+        cache-dir: .trivy
     - name: Use existing SBOM
       if: "${{ inputs.scan-ref != '' }}"
       shell: bash
@@ -123,7 +133,7 @@ runs:
 
       # https://github.com/aquasecurity/trivy-action
     - name: Scan for critical vulnerabilities (create JUnit report)
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
       if: "${{ inputs.junit-test-output != '' || inputs.create-test-report }}"
       with:
         scan-ref: "${{ env.REPORT_SLUG }}-sbom.json"
@@ -134,15 +144,17 @@ runs:
         ignore-unfixed: true
         vuln-type: 'os,library'
         severity: ${{ inputs.fail-for }}
+        cache-dir: .trivy
 
     - name: Create vulnerability report as HTML
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
       with:
         scan-ref: "${{ env.REPORT_SLUG }}-sbom.json"
         scan-type: sbom
         format: 'template'
         template: '@/contrib/html.tpl'
         output: ${{ env.REPORT_FILENAME }}
+        cache-dir: .trivy
     - name: Upload vulnerability report
       uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
       if: always()
@@ -158,20 +170,33 @@ runs:
         cp ${GITHUB_ACTION_PATH}/summary.tpl ./trivy-summary.tpl
     - name: Create summary on vulnerabilities
       if: ${{ inputs.create-summary == 'true' }}
-      uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # 0.23.0
+      uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0
       with:
         scan-ref: "${{ env.REPORT_SLUG }}-sbom.json"
         scan-type: sbom
         format: 'template'
         template: '@trivy-summary.tpl'
         output: 'trivy.md'
+        cache-dir: .trivy
     - name: Add to job summary
       if: ${{ inputs.create-summary == 'true' }}
       shell: bash
       run: |
         echo "### Vulnerability summary (${{ inputs.image-ref != '' && inputs.image-ref || 'fs' }})" >> $GITHUB_STEP_SUMMARY
         cat trivy.md >> $GITHUB_STEP_SUMMARY
 
+      # Save trivy cache
+    - name: Fix .trivy permissions
+      shell: bash
+      run: sudo chown -R $(stat . -c %u:%g) .trivy
+    - name: Save trivy cache
+      if: always() # always save
+      id: cache-trivy-save
+      uses: actions/cache/save@v4
+      with:
+        path: .trivy
+        key: ${{ steps.cache-trivy-restore.outputs.cache-primary-key }}
+
     #
     # Report on unit tests and critical vulnerabilities
     #