From fbe16342c985409d7c0b796cccbc0e26941975e6 Mon Sep 17 00:00:00 2001
From: Stig Otnes Kolstad
Date: Tue, 26 Nov 2024 10:04:44 +0100
Subject: [PATCH] fix: use aws mirror for trivy db

Hitting a lot of rate limits all around right now.
---
 .github/workflows/workflow.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
index b8a0d24..e6e2ba6 100644
--- a/.github/workflows/workflow.yaml
+++ b/.github/workflows/workflow.yaml
@@ -212,6 +212,9 @@ jobs:
 severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
 trivyignores: ${{ inputs.trivy-ignore-files }}
 vuln-type: os,library
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

 - if: inputs.trivy-enabled && inputs.trivy-summary-enabled
 name: Post all scan results to Github Summary as a table
@@ -233,6 +236,9 @@ jobs:
 output: 'dependency-results.sbom.json'
 image-ref: ${{ inputs.name }}:${{ steps.setup.outputs.unique-id }}
 github-pat: ${{ secrets.GITHUB_TOKEN }}
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

 - if: inputs.trivy-enabled
 name: Scan for vulnerabilities
@@ -248,6 +254,9 @@ jobs:
 severity: ${{ inputs.trivy-severity }}
 trivyignores: ${{ inputs.trivy-ignore-files }}
 vuln-type: os,library
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

 - if: inputs.trivy-enabled
 name: Parse vulnerability scan results
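Review bot: The same two-variable `env:` block is pasted into three separate steps (the hunks at new lines 212, 236 and 254), so a later mirror change that misses one copy would leave one scan pulling its vulnerability database from a different registry than the others. Declaring it once at the job level, as `env:` with `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db` and `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db`, would keep the three scans aligned; the job header lies outside these hunks, so check that no other step in the job relies on the default location. Each variable also names a single registry with no fallback, so throttling or an outage on ECR Public leaves the scanner without a database, and how the steps behave in that case is not visible here. Newer Trivy releases appear to accept a comma-separated priority list such as `public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db`, which is worth using if the Trivy version behind the pinned action supports it. A one-line comment above the block, e.g. `# ECR Public mirror: the default DB registry was rate-limiting CI pulls`, would record why the default was overridden.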