From 223cb1c7ff69641f19730d9dbf5ed9bafe935f81 Mon Sep 17 00:00:00 2001 From: Daniela Plascencia Date: Fri, 4 Oct 2024 13:36:25 +0200 Subject: [PATCH] fix: pass --db-repository option to scanner (#144) This is a workaround for https://github.com/aquasecurity/trivy-action/issues/389 Fixes canonical/bundle-kubeflow#1080
---
 scripts/images/scan-images.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/scripts/images/scan-images.sh b/scripts/images/scan-images.sh
index 8b2ecab..a9b9382 100755
--- a/scripts/images/scan-images.sh
+++ b/scripts/images/scan-images.sh
@@ -39,7 +39,9 @@ for IMAGE in "${IMAGE_LIST[@]}"; do
 fi
 echo "Scan image $IMAGE report in $TRIVY_REPORT"
 docker pull $IMAGE
- docker run -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:`pwd` -w `pwd` --name=scanner aquasec/trivy image --timeout 30m -f $TRIVY_REPORT_TYPE -o $TRIVY_REPORT --ignore-unfixed $IMAGE
+ # Adding --db-repository public.ecr.aws/aquasecurity/trivy-db:2 option
+ # as a workaround for https://github.com/aquasecurity/trivy-action/issues/389
+ docker run -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:`pwd` -w `pwd` --name=scanner aquasec/trivy image --timeout 30m -f $TRIVY_REPORT_TYPE -o $TRIVY_REPORT --ignore-unfixed $IMAGE --db-repository public.ecr.aws/aquasecurity/trivy-db:2
 docker rmi $IMAGE
 docker rm -f $(docker ps -a -q)
 df . -h
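Review bot: The rewritten `docker run` line still starts the scanner from the untagged `aquasec/trivy` image while mounting `/var/run/docker.sock`, so whatever `latest` resolves to at run time gets control of the host Docker daemon and also decides the scan result. Pinning the scanner to a reviewed tag or digest, e.g. `aquasec/trivy:<PINNED_VERSION>` (placeholder), would make the scan reproducible and narrow that trust. On the same line `$IMAGE`, `$TRIVY_REPORT` and `$TRIVY_REPORT_TYPE` are unquoted and `pwd` is in backticks, so an entry containing whitespace or glob characters would be split into extra arguments; `"$IMAGE"`, `"$TRIVY_REPORT"` and `"$(pwd)"` avoid that. The added comment could also say when the workaround can go, for example `# TODO: drop --db-repository once the upstream issue is resolved`. The enclosing `for` loop starts and ends outside the hunk.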