From b34deb0cb4e396c59a7f17e59c74963dbc5fa174 Mon Sep 17 00:00:00 2001
From: Benjamin Pinchon
Date: Tue, 29 Oct 2024 22:34:10 +0100
Subject: [PATCH] ci(build): fetch Trivy DB from aws to prevent TOOMANYREQUESTS from ghcr.io

Signed-off-by: Benjamin Pinchon
---
 .github/workflows/build.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c72e82..cd63251 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -63,10 +63,12 @@ jobs:
 - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
 if: github.event_name != 'pull_request'
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 with:
 image-ref: ${{ inputs.image-name }}:${{ steps.meta.outputs.version }}
- format: 'table'
- exit-code: '1'
+ format: "table"
+ exit-code: "1"
 ignore-unfixed: true
- vuln-type: 'os,library'
- severity: 'CRITICAL,HIGH'
+ vuln-type: "os,library"
+ severity: "CRITICAL,HIGH"
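Review bot: Only the vulnerability DB is redirected by the new `env:` block; with `vuln-type: "os,library"` the scan can also pull Trivy's Java DB, which still defaults to ghcr.io, so an image containing JARs could hit the same TOOMANYREQUESTS. Consider adding `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1` next to `TRIVY_DB_REPOSITORY`, with a comment such as `# Trivy DBs come from the public ECR mirror because ghcr.io returns TOOMANYREQUESTS`. Because this step gates the build through `exit-code: "1"`, the registry the DB comes from is part of the scan's trust path, so the reason for choosing it belongs in the workflow file as well as the commit message. The quote-style changes to `format`, `exit-code`, `vuln-type` and `severity` are unrelated to the fix and would read better as a separate formatting commit. The `with:` block may continue past the end of the hunk.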