aquasecurity / trivy-action

Runs Trivy as GitHub action to scan your Docker container image for vulnerabilities
Apache License 2.0

too many requests error again #430

Open DChevrier1 opened 1 week ago

DChevrier1 commented 1 week ago

We upgraded to 0.28 when it came out and these errors went away, but they have come back again. What can we do to help fix this as it is part of our CI/CD pipeline? Thanks

```
ERROR [vulndb] Failed to download artifact repo="ghcr.io/aquasecurity/trivy-db:2" err="oci download error: failed to fetch the layer: GET https://ghcr.io/v2/aquasecurity/trivy-db/blobs/sha256:c3afeb28c808216cc2fa69d1e682164efd3c9967451a061778329ce94ce1a069: TOOMANYREQUESTS: retry-after: 217.944µs, allowed: 44000/minute"
2024-11-05T13:55:48Z FATAL Fatal error init error: DB error: failed to download vulnerability DB: OCI artifact error: failed to download vulnerability DB: failed to download artifact from any source
```

ACipkowski1 commented 1 week ago

Thank you for looking into this

JBrown413 commented 1 week ago

I'd love to see a fix!!

CDixson1 commented 1 week ago

Received same error, TOOMANYREQUESTS. A fix would be greatly appreciated. Thanks.

RBlanc1 commented 1 week ago

A fix for this would be helpful in our pipeline process - thx

tliebert1 commented 1 week ago

Have run into this problem also.

ogruene commented 1 week ago

Hi @DChevrier1,

as far as I see, you can simply add the following env to your aquasecurity/trivy-action step:

```yaml
env:
    TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
```

This should work - at least when using current aquasecurity/trivy-action@master. Not sure if it also works with the last release.

Oliver Grüneberg <oliver.grueneberg@mercedes-benz.com>, Mercedes-Benz Tech Innovation GmbH

arareko commented 1 week ago

Seems related to https://github.com/aquasecurity/trivy-action/issues/107

ogruene commented 1 week ago

As far as I see, it's a DB download error, rather related to #389

arareko commented 1 week ago

> As far as I see, it's a DB download error, rather related to #389

@ogruene Yes, both are related.

RichardoC commented 1 week ago

> Hi @DChevrier1,
>
> as far as I see, you can simply add the following env to your aquasecurity/trivy-action step:
>
> ```yaml
> env:
>     TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2"
> ```
>
> This should work - at least when using current aquasecurity/trivy-action@master. Not sure if it also works with the last release.
>
> Oliver Grüneberg <oliver.grueneberg@mercedes-benz.com>, Mercedes-Benz Tech Innovation GmbH

Mind providing a source for that repo? https://pkg.go.dev/github.com/aquasecurity/trivy-db#readme-download-the-vulnerability-database only refers to the github container registry