From b78075a9884fabd9911c88d643215f94b6f12822 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Thu, 17 Oct 2024 21:13:05 +0300 Subject: [PATCH] Add another mirror for Trivy DB in security.yml --- .github/workflows/security.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index cf0ad4e791..82590f4a1f 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -12,16 +12,20 @@ jobs: uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Code Security Scan - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # master + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0 with: scan-type: 'fs' scanners: vuln,secret trivy-config: .trivy.yml exit-code: 1 ignore-unfixed: true + env: + TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - name: Helm Security Scan - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # master + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0 if: always() with: scan-type: 'config' @@ -29,3 +33,7 @@ jobs: exit-code: 1 ignore-unfixed: true scan-ref: ./deployment/helm + env: + TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db + TRIVY_USERNAME: ${{ github.actor }} + TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}