From 7102798902f5510aa761e64f090d30fc08b1d76f Mon Sep 17 00:00:00 2001 From: Stig Otnes Kolstad Date: Tue, 26 Nov 2024 10:04:44 +0100 Subject: [PATCH] fix: use aws mirror for trivy db Hitting a lot of rate limits all around right now. --- .github/workflows/workflow.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index b8a0d24..e6e2ba6 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -212,6 +212,9 @@ jobs: severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL" trivyignores: ${{ inputs.trivy-ignore-files }} vuln-type: os,library + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db - if: inputs.trivy-enabled && inputs.trivy-summary-enabled name: Post all scan results to Github Summary as a table @@ -233,6 +236,9 @@ jobs: output: 'dependency-results.sbom.json' image-ref: ${{ inputs.name }}:${{ steps.setup.outputs.unique-id }} github-pat: ${{ secrets.GITHUB_TOKEN }} + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db - if: inputs.trivy-enabled name: Scan for vulnerabilities @@ -248,6 +254,9 @@ jobs: severity: ${{ inputs.trivy-severity }} trivyignores: ${{ inputs.trivy-ignore-files }} vuln-type: os,library + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db - if: inputs.trivy-enabled name: Parse vulnerability scan results