.gitea: set Trivy DB from AWS

2024-10-13 02:10:07 +08:00 · 2024-10-13 02:10:07 +08:00 · a81f7d3186
commit a81f7d3186
parent 1673c569e6
1 changed files with 6 additions and 1 deletions
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -88,7 +88,7 @@ jobs:
            ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:v${{ steps.meta.outputs.IMAGE_VERSION }}

      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.27.0
        with:
          image-ref: ${{ secrets.DOCKER_REGISTRY_USER}}/hypermirror:latest
          format: 'table'
@ -96,6 +96,11 @@ jobs:
          ignore-unfixed: true
          vuln-type: 'os'
          severity: 'CRITICAL,HIGH'
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+          TRIVY_SKIP_DB_UPDATE: false
+          TRIVY_SKIP_JAVA_DB_UPDATE: false

      - name: Push Docker image
        uses: docker/build-push-action@v6