Merge pull request #486 from Serph91P/fix/trivy-db-mirror-404

Serph91P · web-flow · commit ea4e01f4876d · 2026-02-26T19:38:23.000+01:00
fix(ci): use ghcr.io for Trivy DB instead of mirror.gcr.io
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -258,6 +258,9 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
+        env:
+          TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-java-db:1'
         with:
           image-ref: ${{ steps.image_name.outputs.full_ref }}
           format: 'sarif'
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -185,6 +185,9 @@ jobs:
       - name: Run Trivy vulnerability scanner (SARIF)
         if: steps.docker-build.outcome == 'success'
         uses: aquasecurity/trivy-action@master
+        env:
+          TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-java-db:1'
         with:
           image-ref: 'streamvault:scan'
           format: 'sarif'
@@ -203,6 +206,9 @@ jobs:
       - name: Run Trivy (table output for logs)
         if: steps.docker-build.outcome == 'success'
         uses: aquasecurity/trivy-action@master
+        env:
+          TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-java-db:1'
         with:
           image-ref: 'streamvault:scan'
           format: 'table'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -230,6 +230,9 @@ jobs:
 
       - name: Run Trivy filesystem scanner
         uses: aquasecurity/trivy-action@master
+        env:
+          TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-java-db:1'
         with:
           scan-type: 'fs'
           scan-ref: '.'
