Closed TharmiganK closed 1 week ago
daneshk
commented
1 week ago According to the reference, they are suggesting adding the following two envs. Don't we need to add both?
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
TharmiganK
commented
1 week ago According to the reference, they are suggesting adding the following two envs. Don't we need to add both?
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
When I inspect the trivy action step, only the general vulnerability db is getting downloaded. Anyway, I have add this as well via b58b2ff
Purpose
Failure: https://github.com/ballerina-platform/module-ballerina-jballerina.java.arrays/actions/runs/11805232960/job/32887228609#step:6:157
The rate limiting is for the downloads from the GitHub container registry. As a solution, this PR adds the public ECR registry as a fallback option when the rate limit hits with the GitHub container registry.
Workflow run with this fix: https://github.com/ballerina-platform/module-ballerina-time/actions/runs/11810431587/job/32902393393#step:6:170
Reference: https://github.com/aquasecurity/trivy-action/issues/389