fix: pass --db-repository option to scanner (#144)

This is a workaround for aquasecurity/trivy-action#389 Fixes canonical/bundle-kubeflow#1080
canonical · Oct 4, 2024 · 223cb1c · 223cb1c
1 parent 4a03052
commit 223cb1c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/scripts/images/scan-images.sh b/scripts/images/scan-images.sh
@@ -39,7 +39,9 @@ for IMAGE in "${IMAGE_LIST[@]}"; do
     fi
     echo "Scan image $IMAGE report in $TRIVY_REPORT"
     docker pull $IMAGE
-    docker run -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:`pwd` -w `pwd` --name=scanner aquasec/trivy image --timeout 30m -f $TRIVY_REPORT_TYPE -o $TRIVY_REPORT --ignore-unfixed $IMAGE
+    # Adding --db-repository public.ecr.aws/aquasecurity/trivy-db:2 option
+    # as a workaround for https://github.com/aquasecurity/trivy-action/issues/389
+    docker run -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:`pwd` -w `pwd` --name=scanner aquasec/trivy image --timeout 30m -f $TRIVY_REPORT_TYPE -o $TRIVY_REPORT --ignore-unfixed $IMAGE --db-repository public.ecr.aws/aquasecurity/trivy-db:2
     docker rmi $IMAGE
     docker rm -f $(docker ps -a -q)
     df . -h