From 3dfc36d2cebcecce58e6d51c1cbff9ae77e2544c Mon Sep 17 00:00:00 2001
From: Eli Flores <eli.flores@digitalservice.bund.de>
Date: Wed, 9 Oct 2024 11:12:17 +0200
Subject: [PATCH] chore(deps): specify trivy db and java db repositories

since the version 0.56.0 of trivy (already used in the version 0.26.0 of the trivy-action) includes the option to specify multiple registries, so that by default the GitHub Registry is used, and if too many requests is reached, the aws mirror will be used.
---
 .github/workflows/pipeline.yml | 4 ++++
 .github/workflows/scan.yml     | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
index 7d3f083..70afe38 100644
--- a/.github/workflows/pipeline.yml
+++ b/.github/workflows/pipeline.yml
@@ -77,6 +77,8 @@ jobs:
         uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb
         env:
           TRIVY_OFFLINE_SCAN: true
+          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }}
           format: "sarif"
@@ -93,6 +95,8 @@ jobs:
         uses: aquasecurity/trivy-action@a20de5420d57c4102486cdd9578b45609c99d7eb
         env:
           TRIVY_OFFLINE_SCAN: true
+          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }}
           format: "cosign-vuln"
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index e84630d..ec906d8 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -29,6 +29,8 @@ jobs:
           TRIVY_USERNAME: ${{ github.actor }}
           TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
           TRIVY_OFFLINE_SCAN: true
+          TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
+          TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ${{ env.CONTAINER_REGISTRY }}/${{ env.CONTAINER_IMAGE_NAME }}:${{ env.CONTAINER_IMAGE_VERSION }}
           format: "sarif"