Skip to content

Commit

Permalink
fix(trivy): prevent rate-limit issues (#1063)
Browse files Browse the repository at this point in the history
  • Loading branch information
tmberthold authored Oct 9, 2024
1 parent b227b48 commit 83e2012
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 12 deletions.
12 changes: 8 additions & 4 deletions .github/workflows/license_scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,11 @@ jobs:
uses: actions/checkout@v4

- name: Run license scanner
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: "rootfs"
scan-ref: "."
Expand All @@ -35,9 +37,11 @@ jobs:
- name: npm install (typescript-client-example)
run: cd extensions/wrapper/clients/typescript-client-example && npm clean-install
- name: Run license scanner
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: "repo"
scan-ref: "."
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/secret_scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,11 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: "fs"
exit-code: "1"
Expand Down
12 changes: 8 additions & 4 deletions .github/workflows/security_scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,11 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Run static analysis (rootfs)
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: "rootfs"
scanners: "vuln,misconfig"
Expand All @@ -30,9 +32,11 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Run static analysis (repo)
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: "repo"
scanners: "vuln,misconfig"
Expand Down
6 changes: 4 additions & 2 deletions .github/workflows/trivy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,11 @@ jobs:
uses: actions/checkout@v4

- name: Run static analysis
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
with:
scan-type: 'fs'
security-checks: 'vuln,secret,config'
Expand Down

0 comments on commit 83e2012

Please sign in to comment.