aboutsummaryrefslogtreecommitdiffstats
path: root/.gitea/workflows/release.yaml
diff options
context:
space:
mode:
authorJesus <heckyel@hyperbola.info>2024-10-13 02:10:07 +0800
committerJesus <heckyel@hyperbola.info>2024-10-13 02:10:07 +0800
commita81f7d31866362335ea946d77769eae391592acb (patch)
tree5038c9e1976f1118757a4fa0a726bbf318aa3adc /.gitea/workflows/release.yaml
parent1673c569e64f1b7de8899841a8e84e26e4dc5939 (diff)
downloadhyperbola-mirror-a81f7d31866362335ea946d77769eae391592acb.tar.lz
hyperbola-mirror-a81f7d31866362335ea946d77769eae391592acb.tar.xz
hyperbola-mirror-a81f7d31866362335ea946d77769eae391592acb.zip
.gitea: set Trivy DB from AWSHEADmaster
Diffstat (limited to '.gitea/workflows/release.yaml')
-rw-r--r--.gitea/workflows/release.yaml7
1 files changed, 6 insertions, 1 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index ac67bf4..f2d00a4 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -88,7 +88,7 @@ jobs:
${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.27.0
with:
image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
format: 'table'
@@ -96,6 +96,11 @@ jobs:
ignore-unfixed: true
vuln-type: 'os'
severity: 'CRITICAL,HIGH'
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+ TRIVY_SKIP_DB_UPDATE: false
+ TRIVY_SKIP_JAVA_DB_UPDATE: false
- name: Push Docker image
uses: docker/build-push-action@v6