From e63e1d46d30c15f1ab4f3b925a0c1c26f1e636ce Mon Sep 17 00:00:00 2001
From: Lars Falk-Petersen
Date: Fri, 18 Oct 2024 09:30:37 +0200
Subject: [PATCH] Attempt trivy workaround, https://gitlab.met.no/team-punkt/hydra/lekestue/edrisobaric/-/issues/31

---
 .gitlab-ci.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b4185c9..0ead265 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -46,10 +46,15 @@ unittests:
 # cache cleanup is needed when scanning images with the same tags, it does not remove the database
 - time trivy clean --scan-cache
 # update vulnerabilities db
- - time trivy image --download-db-only --no-progress
+ # TOOMANYREQUESTS problems, https://gitlab.met.no/team-punkt/hydra/lekestue/edrisobaric/-/issues/31
+ # - time trivy image --download-db-only --no-progress
 # Builds report and puts it in the default workdir $CI_PROJECT_DIR, so `artifacts:` can take it from there
- - time trivy image --exit-code 0 --no-progress --format template --template "@/contrib/junit.tpl"
- --output "$CI_PROJECT_DIR/${CI_JOB_NAME}.xml" "$RELEASE_IMAGE_NAME"
+ - time trivy image \
+ --db-repository public.ecr.aws/aquasecurity/trivy-db \
+ --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db \
+ --scanners vuln ghcr.io/cloudogu/gitops-playground:0.7.0 \
+ --exit-code 0 --no-progress --format template --template "@/contrib/junit.tpl" \
+ --output "$CI_PROJECT_DIR/${CI_JOB_NAME}.xml" "$RELEASE_IMAGE_NAME"
 # Prints full report
 - time trivy image --exit-code 0 --no-progress "$RELEASE_IMAGE_NAME"
 # Fails on high and critical vulnerabilities
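Review bot: The rebuilt report command passes two image references — `ghcr.io/cloudogu/gitops-playground:0.7.0` on the `--scanners vuln` line and `"$RELEASE_IMAGE_NAME"` on the last line — so trivy will either reject the extra positional argument or scan the wrong image, and the junit artifact would then not describe the release image; the literal looks like a leftover from a copied example and the line should read `--scanners vuln \`. Note also that `--scanners vuln` narrows trivy's default scanner set (vuln and secret), so the report silently stops covering leaked secrets; if that coverage is wanted, use `--scanners vuln,secret`. The unchanged `trivy image --exit-code 0 --no-progress "$RELEASE_IMAGE_NAME"` invocation later in the hunk still uses the default DB repository; it will presumably reuse the freshly downloaded cache, but setting `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY` once in the job's `variables:` would keep every invocation consistent and make the workaround easy to revert. The script block continues past the end of the hunk.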