.gitea: set Trivy DB from AWSHEAD main

author: Jesus <heckyel@hyperbola.info> 2024-10-13 02:15:33 +0800
committer: Jesus <heckyel@hyperbola.info> 2024-10-13 02:15:33 +0800
commit: 92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd (patch)
tree: ac74dd8323c4f704a474d5d89732dd0bf8498eeb
parent: f5351ce012a52795d47e512eee2c8ff412cc4d1c (diff)
download: gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.tar.lz
gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.tar.xz
gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 779bb90..6222f62 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -49,7 +49,7 @@ jobs:
             rusian/gitolite-cgit:latest
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.27.0
         with:
           image-ref: rusian/gitolite-cgit:latest
           format: 'table'
@@ -57,6 +57,11 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os'
           severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+          TRIVY_SKIP_DB_UPDATE: false
+          TRIVY_SKIP_JAVA_DB_UPDATE: false
 
       - name: Push Docker image
         uses: docker/build-push-action@v6
author	Jesus <heckyel@hyperbola.info>	2024-10-13 02:15:33 +0800
committer	Jesus <heckyel@hyperbola.info>	2024-10-13 02:15:33 +0800
commit	92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd (patch)
tree	ac74dd8323c4f704a474d5d89732dd0bf8498eeb
parent	f5351ce012a52795d47e512eee2c8ff412cc4d1c (diff)
download	gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.tar.lz gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.tar.xz gitolite-cgit-docker-92d5171f1f0412c9f90bb3aa7d9d4133a5f6efbd.zip