From 235875e5cf5e9fd127f89f30f58b527a0e91df05 Mon Sep 17 00:00:00 2001 From: Andrew Coleman Date: Fri, 31 Jan 2025 09:26:11 +0000 Subject: [PATCH] chore: pin osv-scanner The `ghcr.io/google/osv-scanner:latest` docker image was updated to `v2.0.0-beta1`. This breaks the build with the error: `Failed to parse SBOM "/bom.json" with error: could not determine extractor suitable to this file` This commit pins the image tag to last working release `v1.9.2` Signed-off-by: Andrew Coleman
---
 .github/workflows/pr.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 877510d15..9f4c66404 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -69,7 +69,7 @@ jobs:
 with:
 name: cyclonedx-sbom
 - name: Scan
- run: docker run --rm -v "${PWD}/${{ matrix.project }}/build/reports/bom.json:/bom.json" ghcr.io/google/osv-scanner --sbom /bom.json
+ run: docker run --rm -v "${PWD}/${{ matrix.project }}/build/reports/bom.json:/bom.json" ghcr.io/google/osv-scanner:v1.9.2 --sbom /bom.json
 java:
 name: Build and Test Java
 runs-on: ubuntu-latest
@@ -112,7 +112,7 @@ jobs:
 runs-on: ${{ matrix.os }}
 strategy:
 matrix:
- os: [ubuntu-latest, macOS-latest]
+ os: [ubuntu-latest]
 steps:
 - uses: actions/checkout@v4
 with:
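Review bot: The new `run:` line in the Scan step pins `ghcr.io/google/osv-scanner` by tag only, and a registry tag can be re-pointed, so the job still runs whatever image `v1.9.2` resolves to at pull time. Pinning the digest as well, `ghcr.io/google/osv-scanner:v1.9.2@sha256:<digest-of-v1.9.2>` (placeholder; take the value from the registry), would make the scanner image immutable. The scanner only needs to read the SBOM, so the bind mount can be tightened to `...bom.json:/bom.json:ro`. A comment above the step such as `# Pinned: v2.0.0-beta1 fails to parse the CycloneDX SBOM; revisit once v2 is stable` would keep the pin from silently ageing. The job containing this step starts above the hunk.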
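Review bot: The matrix change from `[ubuntu-latest, macOS-latest]` to `[ubuntu-latest]` is not mentioned in the commit message, which only describes the osv-scanner pin, so macOS coverage for this job disappears without a recorded reason. Either move it into its own commit or add a comment on the line, for example `# macOS-latest dropped temporarily: <reason or issue link>; restore when fixed`. If the removal is meant to be permanent, the single-entry matrix could be replaced by `runs-on: ubuntu-latest`, assuming nothing else in the job reads `matrix.os`. The job definition starts above the hunk and continues below it.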