From d1d5becc25bd02d0766770957700fca29fcfd9fc Mon Sep 17 00:00:00 2001
From: nscuro <nscuro@protonmail.com>
Date: Tue, 1 Oct 2024 16:47:22 +0200
Subject: [PATCH] Work around ghcr.io rate limiting for Trivy database
 downloads

See:

* aquasecurity/trivy-action#389
* https://github.com/orgs/community/discussions/139074

Signed-off-by: nscuro <nscuro@protonmail.com>
---
 .github/workflows/_meta-build.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/_meta-build.yaml b/.github/workflows/_meta-build.yaml
index c4d4bba5..fda614d7 100644
--- a/.github/workflows/_meta-build.yaml
+++ b/.github/workflows/_meta-build.yaml
@@ -113,6 +113,10 @@ jobs:
       - name: Run Trivy Vulnerability Scanner
         if: ${{ inputs.publish-container }}
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          # https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-java-db:1'
         with:
           image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }}
           format: 'sarif'