[ci] Use HACK to get vulnerabilies db of trivy.

See : - https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/5198 - aquasecurity/trivy#7699
eclipse-leshan · Oct 25, 2024 · 0735507 · 0735507
1 parent 6f2f834
commit 0735507
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.jenkins/weekly.jenkins b/.jenkins/weekly.jenkins
@@ -50,7 +50,9 @@ pipeline {
         // check for vulnerabilities
         // "find" to search file
         // xargs to get correct exit code (find always return 0) 
-        sh ''' find . -type f -path '*/target/bom*.json' -print0 | xargs -0 -I {} sh -c 'echo "Scanning "{}""; trivy -q --exit-code 1 sbom "{}"' '''  
+          // HACK because of : https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/5198
+        sh ''' find . -type f -path '*/target/bom*.json' -print0 | xargs -0 -I {} sh -c 'echo "Scanning "{}""; trivy -q --exit-code 1 sbom "{}" --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db","aquasec/trivy-db:2" --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1","aquasec/trivy-java-db:1"' '''
+        // sh ''' find . -type f -path '*/target/bom*.json' -print0 | xargs -0 -I {} sh -c 'echo "Scanning "{}""; trivy -q --exit-code 1 sbom "{}"' '''  
 
         // check licenses
         // TODO add dash-licenses check when cycloneDx will be supported : https://github.com/eclipse/dash-licenses/issues/191