Manage Trivy rate limiting on db pull (#68)

tcarmet · web-flow · commit 71eec4162625 · 2024-11-13T13:32:02.000-08:00
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -23,7 +23,7 @@ on:
         required: false
       REGISTRY_PASSWORD:
         required: false
- 
+
 jobs:
   trivy:
     env:
@@ -36,7 +36,12 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Image Scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
+        # Due to rate limiting faced by aquasecurity/trivy-action#389 we download the DBs
+        # from the public ECR repository
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
         with:
           image-ref: "${{ inputs.registry }}/${{ inputs.namespace }}/${{ inputs.name }}:${{ inputs.tag }}"
           format: 'sarif'
