From a81f7d31866362335ea946d77769eae391592acb Mon Sep 17 00:00:00 2001 From: Jesus Date: Sun, 13 Oct 2024 02:10:07 +0800 Subject: .gitea: set Trivy DB from AWS --- .gitea/workflows/release.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to '.gitea/workflows/release.yaml') diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml index ac67bf4..f2d00a4 100644 --- a/.gitea/workflows/release.yaml +++ b/.gitea/workflows/release.yaml @@ -88,7 +88,7 @@ jobs: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }} - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.27.0 with: image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest format: 'table' @@ -96,6 +96,11 @@ jobs: ignore-unfixed: true vuln-type: 'os' severity: 'CRITICAL,HIGH' + env: + TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2 + TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1 + TRIVY_SKIP_DB_UPDATE: false + TRIVY_SKIP_JAVA_DB_UPDATE: false - name: Push Docker image uses: docker/build-push-action@v6 -- cgit v1.2.3