From f316ec94bdc400f3fdb8a544d7d0e98299c34282 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Tue, 1 Oct 2024 16:45:07 +0200
Subject: [PATCH] Work around ghcr.io rate limiting for Trivy database downloads

See:
* https://github.com/aquasecurity/trivy-action/issues/389
* https://github.com/orgs/community/discussions/139074
Signed-off-by: nscuro
---
 .github/workflows/_meta-build.yaml | 4 ++++
 .../tasks/scanners/TrivyAnalysisTaskIntegrationTest.java | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml
index 008a21d7c1..890f76be5e 100644
--- a/.github/workflows/_meta-build.yaml
+++ b/.github/workflows/_meta-build.yaml
@@ -136,6 +136,10 @@ jobs:
 - name: Run Trivy Vulnerability Scanner
 if: ${{ inputs.publish-container }}
 uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # tag=0.24.0
+ env:
+ # https://github.com/aquasecurity/trivy-action/issues/389
+ TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
+ TRIVY_JAVA_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-java-db:1"
 with:
 image-ref: docker.io/dependencytrack/${{ matrix.distribution }}:${{ inputs.app-version }}
 format: 'sarif'
diff --git a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskIntegrationTest.java b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskIntegrationTest.java
index 50bfb51832..160c709931 100644
--- a/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskIntegrationTest.java
+++ b/src/test/java/org/dependencytrack/tasks/scanners/TrivyAnalysisTaskIntegrationTest.java
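Review bot: The `env:` block on the Trivy step replaces the default database registry outright, so the image scan now depends on public.ecr.aws alone and a failure there has no fallback. Trivy releases that accept a comma-separated repository list would allow `TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2,ghcr.io/aquasecurity/trivy-db:2"`; whether the Trivy version installed by this action revision supports that is not visible here and should be confirmed first. The comment above the two variables is a bare link; something like `# Temporary: ghcr.io rate-limits Trivy DB pulls; drop these overrides once trivy-action#389 is resolved` tells the next maintainer when it can go. The same two values are repeated in the TrivyAnalysisTaskIntegrationTest hunk. The step's `with:` block continues beyond the hunk.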
@@ -93,7 +93,10 @@ public void before() throws Exception {
 .withExposedPorts(8080)
 .withCreateContainerCmdModifier(cmd -> cmd.getHostConfig()
 .withBinds(Bind.parse("%s:/tmp/cache".formatted(trivyCacheVolumeName))))
- .waitingFor(forLogMessage(".*Listening :8080.*", 1));
+ .waitingFor(forLogMessage(".*Listening :8080.*", 1))
+ // https://github.com/aquasecurity/trivy-action/issues/389
+ .withEnv("TRIVY_DB_REPOSITORY", "public.ecr.aws/aquasecurity/trivy-db:2")
+ .withEnv("TRIVY_JAVA_DB_REPOSITORY", "public.ecr.aws/aquasecurity/trivy-java-db:1");
 trivyContainer.start();
 qm.createConfigProperty(
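Review bot: The two registry references added to the container builder are inline string literals that duplicate the values set in `_meta-build.yaml`, and the comment above them is only a link, so nothing in the test says this is a rate-limiting workaround that should be reverted in both places. A short explanation such as `// Temporary: pull the Trivy DBs from the ECR mirror because ghcr.io rate-limits downloads (trivy-action#389)` would cover that. Hoisting the values into `private static final String` constants would also keep the override in one spot if other tests start a Trivy container, which is not visible from this hunk. `before()` starts above and continues below the hunk.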