From c14a27ac12af27a73097f80f3a42fee4ce6ba593 Mon Sep 17 00:00:00 2001
From: Thomas Carmet <8408330+tcarmet@users.noreply.github.com>
Date: Wed, 13 Nov 2024 21:13:47 +0000
Subject: [PATCH] Manage Trivy rate limiting on db pull
---
 .github/workflows/trivy.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 8da15d8..b44e624 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ on:
 required: false
 REGISTRY_PASSWORD:
 required: false
-
+
 jobs:
 trivy:
 env:
@@ -36,7 +36,12 @@ jobs:
 uses: actions/checkout@v4
 - name: Image Scan
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.28.0
+ # Due to rate limiting faced by aquasecurity/trivy-action#389 we download the DBs
+ # from the public ECR repository
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
 with:
 image-ref: "${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}:${{ inputs.tag }}"
 format: 'sarif'
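Review bot: The new `uses: aquasecurity/trivy-action@0.28.0` in the Image Scan step (second hunk) still references a tag, which can be moved upstream, so the step is not pinned to immutable code. The workflow declares a `REGISTRY_PASSWORD` secret (visible in the first hunk's context), and this step may run with registry credentials in scope, so a full commit SHA is the safer reference: `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.28.0>  # 0.28.0`. The added comment could also note that the two `TRIVY_DB_REPOSITORY` / `TRIVY_JAVA_DB_REPOSITORY` overrides are a workaround to revisit once the referenced upstream issue is resolved, so the vulnerability database source does not silently stay on a non-default registry. The step's `with:` block continues outside the hunk.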