Merge pull request #1023 from nscuro/trivy-ratelimit-fix

nscuro · web-flow · commit f216b60e9f2f · 2024-10-01T17:08:36.000+02:00
Work around ghcr.io rate limiting for Trivy database downloads
diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml
@@ -113,6 +113,10 @@ jobs:
       - name: Run Trivy Vulnerability Scanner
         if: ${{ inputs.publish-container }}
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          # https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-java-db:1'
         with:
           image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }}
           format: 'sarif'
