Merge pull request #18672 from ivanvc/use-ecr-public-mirror-for-trivy-scan-action

ahrtr · web-flow · commit 448fb7e36c11 · 2024-10-05T09:51:47.000+01:00
github/workflows: use ECR mirror for Trivy's DB
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -66,6 +66,11 @@ jobs:
           severity: 'CRITICAL,HIGH'
           format: 'sarif'
           output: 'trivy-results-${{ matrix.platforms }}.sarif'
+        env:
+          # Use AWS' ECR mirror for the trivy-db image, as GitHub's Container
+          # Registry is returning a TOOMANYREQUESTS error.
+          # Ref: https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
       - name: upload scan results
         uses: github/codeql-action/upload-sarif@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10
         with:
