fix: use aws mirror for trivy db

Hitting a lot of rate limits all around right now.
nrkno · Nov 26, 2024 · fbe1634 · fbe1634
1 parent 6d22c8b
commit fbe1634
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -212,6 +212,9 @@ jobs:
           severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
           trivyignores: ${{ inputs.trivy-ignore-files }}
           vuln-type: os,library
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
       -
         if: inputs.trivy-enabled && inputs.trivy-summary-enabled
         name: Post all scan results to Github Summary as a table
@@ -233,6 +236,9 @@ jobs:
           output: 'dependency-results.sbom.json'
           image-ref: ${{ inputs.name }}:${{ steps.setup.outputs.unique-id }}
           github-pat: ${{ secrets.GITHUB_TOKEN }}
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
       -
         if: inputs.trivy-enabled
         name: Scan for vulnerabilities
@@ -248,6 +254,9 @@ jobs:
           severity: ${{ inputs.trivy-severity }}
           trivyignores: ${{ inputs.trivy-ignore-files }}
           vuln-type: os,library
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
       -
         if: inputs.trivy-enabled
         name: Parse vulnerability scan results