topcoder-platform · kkartunov · Oct 27, 2025 · Oct 24, 2025 · Oct 27, 2025 · Oct 27, 2025
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -0,0 +1,34 @@
+name: Trivy Scanner
+
+permissions:
+  contents: read
+  security-events: write
+on:
+  push:
+    branches:
+      - main
+      - dev
+  pull_request:
+jobs:
+  trivy-scan:
+    name: Use Trivy
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy scanner in repo mode
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: "fs"
+          ignore-unfixed: true
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH,UNKNOWN"
+          scanners: vuln,secret,misconfig,license
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "trivy-results.sarif"
diff --git a/src/api/admin/admin.service.ts b/src/api/admin/admin.service.ts
@@ -19,6 +19,16 @@ import {
 } from 'src/shared/topcoder/challenges.service';
 import { Logger } from 'src/shared/global';
 
+function formatDate(date = new Date()) {
+  const pad = (n, z = 2) => String(n).padStart(z, '0');
+
+  return (
+    `${date.getFullYear()}-${pad(date.getMonth() + 1)}-${pad(date.getDate())} ` +
+    `${pad(date.getHours())}:${pad(date.getMinutes())}:${pad(date.getSeconds())}.` +
+    `${pad(date.getMilliseconds(), 3)}`
+  );
+}
+
 /**
  * The admin winning service.
  */
@@ -322,7 +332,7 @@ export class AdminService {
           userId: +winning.winner_id,
           status: body.paymentStatus,
           amount: body.paymentAmount,
-          releaseDate: body.releaseDate,
+          releaseDate: formatDate(new Date(body.releaseDate)),
         };
 
         await this.tcChallengesService.updateLegacyPayments(