Manage Trivy rate limiting on db pull

scality · Nov 13, 2024 · c14a27a · c14a27a
1 parent b4ac57e
commit c14a27a
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ on:
         required: false
       REGISTRY_PASSWORD:
         required: false
- 
+
 jobs:
   trivy:
     env:
@@ -36,7 +36,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Image Scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        # Due to rate limiting faced by aquasecurity/trivy-action#389 we download the DBs
+        # from the public ECR repository
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
         with:
           image-ref: "${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}:${{ inputs.tag }}"
           format: 'sarif'