From 46dd0df19259f5606974b8fe5e074df404f07d80 Mon Sep 17 00:00:00 2001
From: Elie CHARRA
Date: Fri, 22 Nov 2024 10:29:07 +0100
Subject: [PATCH] chore: make trivy scan more resillient
---
 .github/workflows/docker.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 251cedb..2f85ec0 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -320,13 +320,15 @@ jobs:
 echo "TARGET_TAG=${TARGET_TAG}" >> $GITHUB_ENV
 - name: Run Trivy vulnerability scanner for ${{ matrix.target }} image
- uses: aquasecurity/trivy-action@0.24.0
+ uses: aquasecurity/trivy-action@0.27.0
 with:
 image-ref: "ghcr.io/${{ github.repository }}:${{ matrix.versions.ansible }}${{ env.TARGET_TAG }}-${{ env.PLATFORM_PAIR }}"
 format: "template"
 template: "@/contrib/sarif.tpl"
 output: "${{ matrix.target }}.sarif"
 severity: "CRITICAL,HIGH"
+ env:
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
 - name: Upload ${{ matrix.target }} image scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@v3
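Review bot: The bumped `uses: aquasecurity/trivy-action@0.27.0` line still references a tag, which the action's owner can later point at a different commit. This step runs third-party code in what appears to be the image build workflow, so pin it to the full commit SHA and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.27.0> # 0.27.0`. The new `env:` block adds a registry fallback for the vulnerability DB only; if the scanned images can contain Java artifacts, the Java DB download keeps its single-registry dependency and would want `TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db` next to it. The job's `permissions` and the earlier steps are outside this hunk, so what a changed action could reach is not visible here.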