Downgrade kics real time to version v2.1.3 instead of latest

.github/workflows/ci.yml

@@ -171,7 +171,6 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           output: './trivy-image-results.txt'
-          severity: 'CRITICAL,HIGH,MEDIUM,LOW'
         env:
           TRIVY_SKIP_DB_UPDATE: true
           TRIVY_SKIP_JAVA_DB_UPDATE: true

Dockerfile

@@ -1,4 +1,4 @@
-FROM checkmarx/bash:5.2.37-r2
+FROM checkmarx/bash:5.2.37-r2-ef73fbf0f86d3b@sha256:ef73fbf0f86d3b0f1b9d0af383939a482f9ec0b0227fc5a330c70753f2e1da75
 USER nonroot
 
 COPY cx /app/bin/cx

internal/commands/scan.go

@@ -60,7 +60,7 @@ const (
 	containerVolumeFlag             = "-v"
 	containerNameFlag               = "--name"
 	containerRemove                 = "--rm"
-	containerImage                  = "checkmarx/kics:latest"
+	containerImage                  = "checkmarx/kics:v2.1.3"
 	containerScan                   = "scan"
 	containerScanPathFlag           = "-p"
 	containerScanPath               = "/path"

internal/commands/util/remediation.go

@@ -27,7 +27,7 @@ const (
 	filesContainerVolume      = ":/files"
 	resultsContainerLocation  = "/kics/"
 	containerRemove           = "--rm"
-	containerImage            = "checkmarx/kics:latest"
+	containerImage            = "checkmarx/kics:v2.1.3"
 	containerNameFlag         = "--name"
 	remediateCommand          = "remediate"
 	resultsFlag               = "--results"