.gitea: set Trivy DB from AWSHEAD master

author: Jesus <heckyel@hyperbola.info> 2024-10-13 02:10:07 +0800
committer: Jesus <heckyel@hyperbola.info> 2024-10-13 02:10:07 +0800
commit: a81f7d31866362335ea946d77769eae391592acb (patch)
tree: 5038c9e1976f1118757a4fa0a726bbf318aa3adc /.gitea
parent: 1673c569e64f1b7de8899841a8e84e26e4dc5939 (diff)
download: hyperbola-mirror-master.tar.lz
hyperbola-mirror-master.tar.xz
hyperbola-mirror-master.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index ac67bf4..f2d00a4 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -88,7 +88,7 @@ jobs:
             ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.27.0
         with:
           image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
           format: 'table'
@@ -96,6 +96,11 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os'
           severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+          TRIVY_SKIP_DB_UPDATE: false
+          TRIVY_SKIP_JAVA_DB_UPDATE: false
 
       - name: Push Docker image
         uses: docker/build-push-action@v6
author	Jesus <heckyel@hyperbola.info>	2024-10-13 02:10:07 +0800
committer	Jesus <heckyel@hyperbola.info>	2024-10-13 02:10:07 +0800
commit	a81f7d31866362335ea946d77769eae391592acb (patch)
tree	5038c9e1976f1118757a4fa0a726bbf318aa3adc /.gitea
parent	1673c569e64f1b7de8899841a8e84e26e4dc5939 (diff)
download	hyperbola-mirror-master.tar.lz hyperbola-mirror-master.tar.xz hyperbola-mirror-master.zip