From 9a56e7cd6964ffd4187a8e44a36d49b54587db56 Mon Sep 17 00:00:00 2001
From: Aqua Security automated builds
 <54269356+aqua-bot@users.noreply.github.com>
Date: Tue, 17 Dec 2024 23:58:00 -0700
Subject: [PATCH] fix: handle `BLOW_UNKNOWN` error to download DBs [backport:
 release/v0.58] (#8121)

Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
---
 pkg/oci/artifact.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/pkg/oci/artifact.go b/pkg/oci/artifact.go
index 8ed7dcdad03d..440cbebc0979 100644
--- a/pkg/oci/artifact.go
+++ b/pkg/oci/artifact.go
@@ -262,6 +262,19 @@ func shouldTryOtherRepo(err error) bool {
 		}
 	}
 
-	// try the following artifact only if a temporary error occurs
-	return terr.Temporary()
+	// try the following artifact if a temporary error occurs
+	if terr.Temporary() {
+		return true
+	}
+
+	// `GCR` periodically returns `BLOB_UNKNOWN` error.
+	// cf. https://github.com/aquasecurity/trivy/discussions/8020
+	// In this case we need to check other repositories.
+	for _, e := range terr.Errors {
+		if e.Code == transport.BlobUnknownErrorCode {
+			return true
+		}
+	}
+
+	return false
 }