From 07c9b423c3053295694d2b3f153097e8a2edf019 Mon Sep 17 00:00:00 2001
From: en-jschuetze <126695184+en-jschuetze@users.noreply.github.com>
Date: Mon, 4 Nov 2024 11:53:15 +0100
Subject: [PATCH] Use aws public trivy-db storage to avoid ratelimits on github
---
 .github/workflows/security-scan.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index f344e94..db676b9 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -58,6 +58,8 @@ jobs:
 - name: Run Alpine Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.28.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: php-${{ env.PHP_VERSION }}
 format: 'table'
@@ -68,6 +70,8 @@ jobs:
 - name: Run Alpine Trivy vulnerability scanner and create html file
 uses: aquasecurity/trivy-action@0.28.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: php-${{ env.PHP_VERSION }}
 format: 'template'
@@ -76,6 +80,8 @@ jobs:
 - name: Run Alpine Trivy vulnerability scanner and create html file
 uses: aquasecurity/trivy-action@0.28.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: php-${{ env.PHP_VERSION }}
 format: 'json'
@@ -93,6 +99,8 @@ jobs:
 - name: Run Alpine Trivy vulnerability scanner and upload to github security tab
 uses: aquasecurity/trivy-action@0.28.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: php-${{ env.PHP_VERSION }}
 format: 'sarif'
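Review bot: The same `TRIVY_DB_REPOSITORY` value is repeated in the step-level `env:` of all four Trivy steps (the hunks at +58, +70, +80 and +99), so a later change of mirror or schema tag can leave one report built from a different vulnerability database than the others. Declaring it once at job level, `env:` with `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2`, would keep the table, HTML, JSON and SARIF outputs consistent; the job header lies outside these hunks, so whether a job-level `env:` already exists cannot be seen here. Only the vulnerability DB is redirected: if the scanned image ever contains Java artifacts, Trivy would presumably still fetch its Java DB from the default registry and hit the same rate limit, so `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1` may be worth setting alongside. A short comment above the variable explaining that it is the vendor's ECR mirror, chosen to avoid GitHub registry rate limits, would keep the reason next to the setting.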