fix: use ECR trivy db repository

Signed-off-by: Fabrizio Sestito <[email protected]>
rancher-sandbox · Nov 15, 2024 · 651df67 · 651df67
1 parent badb7c1
commit 651df67
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/internal/handlers/scan_sbom.go b/internal/handlers/scan_sbom.go
@@ -90,6 +90,10 @@ func (h *ScanSBOMHandler) Handle(message messaging.Message) error {
 		"sbom",
 		"--cache-dir", h.workDir,
 		"--format", "sarif",
+		// Use the public ECR repository to bypass GitHub's rate limits.
+		// Refer to https://github.com/aquasecurity/trivy/discussions/7668 for details.
+		"--db-repository", "public.ecr.aws/aquasecurity/trivy-db",
+		"--java-db-repository", "public.ecr.aws/aquasecurity/trivy-java-db",
 		"--output", reportFile.Name(),
 		sbomFile.Name(),
 	})