File tree Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Expand file tree Collapse file tree 1 file changed +9
-3
lines changed Original file line number Diff line number Diff line change @@ -132,7 +132,10 @@ jobs:
132132 output : " ${{ steps.manifest.outputs.image-name }}.sarif"
133133 # turn off secret scanning to speed things up
134134 env :
135- TRIVY_DB_REPOSITORY : ghcr.io/azimuth-cloud/trivy-db:2
135+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
136+ # https://github.com/aquasecurity/trivy-action/issues/389
137+ TRIVY_DB_REPOSITORY : ' public.ecr.aws/aquasecurity/trivy-db:2'
138+ TRIVY_JAVA_DB_REPOSITORY : ' public.ecr.aws/aquasecurity/trivy-java-db:1'
136139
137140 - name : Upload Trivy scan results to GitHub Security tab
138141 uses : github/codeql-action/upload-sarif@v3
@@ -151,8 +154,11 @@ jobs:
151154 severity : ' CRITICAL'
152155 ignore-unfixed : true
153156 env :
154- TRIVY_DB_REPOSITORY : ghcr.io/azimuth-cloud/trivy-db:2
155-
157+ GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
158+ # https://github.com/aquasecurity/trivy-action/issues/389
159+ TRIVY_DB_REPOSITORY : ' public.ecr.aws/aquasecurity/trivy-db:2'
160+ TRIVY_JAVA_DB_REPOSITORY : ' public.ecr.aws/aquasecurity/trivy-java-db:1'
161+
156162 - name : Delete new image if Trivy scan fails
157163 if : failure() && steps.packer_build.outcome == 'success' # Runs if the Trivy scan found crit vulnerabilities or failed
158164 run : |
You can’t perform that action at this time.
0 commit comments