diff --git a/.github/workflows/node.yaml b/.github/workflows/node.yaml
index b4b86c3b94..8cde20c429 100644
--- a/.github/workflows/node.yaml
+++ b/.github/workflows/node.yaml
@@ -233,7 +233,7 @@ jobs:
 if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
 uses: aquasecurity/trivy-action@0.24.0
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: "${{ steps.trivy-image.outputs.image }}"
 format: "table"
@@ -383,6 +383,8 @@ jobs:
 - name: Trivy scanning
 if: steps.check-build-and-push.outputs.enable == 'true' && steps.check-ghcr.outputs.enable == 'true' && steps.ghcr-tag.outputs.tags != 0
 uses: aquasecurity/trivy-action@0.24.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: "${{ steps.trivy-image.outputs.image }}"
 format: "table"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index caa51ef3a4..00af0aad61 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -14,6 +14,8 @@ jobs:
 steps:
 - name: Run Trivy vulnerability scanner (json)
 uses: aquasecurity/trivy-action@0.24.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
 format: json
@@ -21,6 +23,8 @@ jobs:
 - name: Run Trivy vulnerability scanner (table)
 uses: aquasecurity/trivy-action@0.24.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 with:
 image-ref: ghcr.io/nrkno/sofie-core-${{ matrix.image }}:latest
 output: '${{ matrix.image }}-trivy-scan-results.txt'
@@ -37,6 +41,8 @@ jobs:
 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
 uses: aquasecurity/trivy-action@0.24.0
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 with:
 format: 'github'
 output: 'dependency-results-${{ matrix.image }}.sbom.json'
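Review bot: Only the vulnerability database is redirected by the new `TRIVY_DB_REPOSITORY` line; the Java index database has its own setting, `TRIVY_JAVA_DB_REPOSITORY`, which none of the five patched steps set, so a scan that encounters JAR files would still fetch that database from Trivy's default registry. If the move away from the default source is meant to make the scans reliable (the commit does not say why), add `TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db` next to the new variable here, in the second node.yaml hunk and in the three trivy.yml hunks. The scanned images look Node-based, so this path may rarely be hit. The step's `with:` block continues outside the hunk.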
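Review bot: `uses: aquasecurity/trivy-action@0.24.0` in this step, and in the other four patched steps, references the action by a tag, which the action's repository can later point at different code. The step is handed the image under scan, and the line removed in the first hunk shows that such a step also received `GITHUB_TOKEN`. Pinning to the full commit SHA keeps the scanner code fixed until someone reviews an update: `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.24.0>  # 0.24.0`. The commit does not touch these lines, so this can be a follow-up.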
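Review bot: The same two-line `env:` block is repeated on all three steps of this file (and twice more in node.yaml), so a later change of registry has to be made in five places, and a missed one leaves that step reading a different database source than the rest. Declaring `TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db` once in a job-level `env:` block covers every step of the job. A one-line comment there, such as `# Trivy DB is pulled from this mirror instead of the default registry`, would record why the default is overridden. The job definition starts outside the hunk, so its name and any existing job-level `env:` are not visible here.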