From 2dbfe58ac93f517a2c129d6bf83be089a5ab69f6 Mon Sep 17 00:00:00 2001 From: Ivan Valdes Date: Wed, 2 Oct 2024 12:52:41 -0700 Subject: [PATCH] github/workflows: use ECR mirror for Trivy's DB GitHub Container Registry is returning a TOOMANYREQUESTS error. Switch to AWS ECR mirror, as suggested in https://github.com/aquasecurity/trivy-action/issues/389. Signed-off-by: Ivan Valdes --- .github/workflows/release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ed4a4cfd77c..5139db4876d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -64,6 +64,11 @@ jobs: severity: 'CRITICAL,HIGH' format: 'sarif' output: 'trivy-results-${{ matrix.platforms }}.sarif' + env: + # Use AWS' ECR mirror for the trivy-db image, as GitHub's Container + # Registry is returning a TOOMANYREQUESTS error. + # Ref: https://github.com/aquasecurity/trivy-action/issues/389 + TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2' - name: upload scan results uses: github/codeql-action/upload-sarif@956f09c2ef1926b580554b9014cfb8a51abf89dd # v2.16.6 with: