From 72b4a4a7f0fe7409c7e33485c245c2957ec88818 Mon Sep 17 00:00:00 2001
From: Wantong Jiang
Date: Fri, 8 Nov 2024 19:30:04 +0000
Subject: [PATCH 1/2] fix trivy workflow by using mcr trivy images
---
 .github/workflows/trivy.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index f966d3edb..ef68e6941 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -75,6 +75,8 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.MEMBER_AGENT_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
@@ -90,6 +92,8 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
 - name: Scan ${{ env.REGISTRY }}/${{ env.REFRESH_TOKEN_IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
 uses: aquasecurity/trivy-action@master
@@ -104,3 +108,5 @@ jobs:
 env:
 TRIVY_USERNAME: ${{ github.actor }}
 TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+ TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db
From 5eaec75de817d965003da096765142ec14ddc9bd Mon Sep 17 00:00:00 2001
From: Wantong Jiang
Date: Fri, 8 Nov 2024 19:34:12 +0000
Subject: [PATCH 2/2] add triggering trivy in pull request
---
 .github/workflows/trivy.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index ef68e6941..b08dd73d0 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
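Review bot: The two DB registry values are copied into three separate step-level `env:` blocks in PATCH 1/2 (the hunks at -75, -90 and -104), so a later mirror change that misses one step would leave that scan pulling its vulnerability database from a different source than the others. Setting them once in the job-level or workflow-level `env:`, as `TRIVY_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-db` and `TRIVY_JAVA_DB_REPOSITORY: mcr.microsoft.com/mirror/ghcr/aquasecurity/trivy-java-db`, keeps all three scans on the same source. The same blocks also carry `TRIVY_USERNAME`/`TRIVY_PASSWORD` built from `secrets.GITHUB_TOKEN`; it is worth confirming that the Trivy version in use offers those credentials only to the image registry and not to the DB registry it now contacts. Each step these blocks belong to begins outside its hunk.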
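Review bot: The step shown as context in the -90 hunk of PATCH 1/2 runs `uses: aquasecurity/trivy-action@master`, a mutable branch reference, while the step is handed `secrets.GITHUB_TOKEN` and, with this patch, the settings that decide where the vulnerability databases are fetched from. Pinning the action to a reviewed commit, `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>`, makes the effect of the new `TRIVY_DB_REPOSITORY` settings reproducible and means a change on the action's branch cannot silently alter what runs with the token. The other scan steps presumably use the same reference, but their `uses:` lines are outside the hunks.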
@@ -6,6 +6,9 @@ on: create: # Publish semver tags as releases. tags: [ 'v*.*.*' ] + pull_request: + branches: + - main permissions: contents: read
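Review bot: The new `pull_request` trigger carries no comment saying which image a PR run is meant to scan, and the steps visible in PATCH 1/2 scan `${{ env.REGISTRY }}/...:${{ env.IMAGE_VERSION }}` with `secrets.GITHUB_TOKEN` as the registry password. If those steps pull an already published tag rather than an image built from the PR, a green run says nothing about the PR's own changes, and on PRs from forks the token is read-only, so the pull may fail; the job body is outside this hunk, so both points need confirming. A comment above the trigger such as `# PR runs scan <which image>; fork PRs get a read-only GITHUB_TOKEN` would record the intent. Keeping the event as `pull_request` rather than `pull_request_target` is the right choice here, since it keeps fork-supplied content away from a write-scoped token.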