Skip to content

Commit

Permalink
- Move to only public ecr for trivy as there ratelimits are higher
Browse files Browse the repository at this point in the history 
- Change trivy-action to pull from ecr registry
Signed-off-by: Shailesh Pant <[email protected]>
  • Loading branch information
@ishaileshpant
ishaileshpant committed Nov 13, 2024
1 parent 0e16aff commit be00950
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions .github/workflows/trivy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
--ignore-unfixed \
--vuln-type os,library \
--severity CRITICAL,HIGH,MEDIUM,LOW \
--db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
--db-repository 'public.ecr.aws/aquasecurity/trivy-db:2' \
.
- name: Upload Code Vulnerability Scan Results
Expand All @@ -57,6 +57,8 @@ jobs:

- name: Run Trivy vulnerability scanner for Docker image (JSON Output)
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
with:
image-ref: 'docker.io/securefederatedai/openfl:${{ github.sha }}'
format: 'json'
Expand All @@ -80,7 +82,7 @@ jobs:
--ignore-unfixed \
--vuln-type os,library \
--severity CRITICAL,HIGH,MEDIUM,LOW \
--db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
--db-repository 'public.ecr.aws/aquasecurity/trivy-db:2' \
.
- name: Upload Code Vulnerability Scan Results
Expand Down

0 comments on commit be00950

Please sign in to comment.