From bdd786114c82d2687d2a4910911ea63bc9e89871 Mon Sep 17 00:00:00 2001
From: Fabrizio Sestito
Date: Fri, 15 Nov 2024 07:13:43 +0100
Subject: [PATCH] fix: use ECR trivy db repository

Signed-off-by: Fabrizio Sestito
---
 internal/handlers/scan_sbom.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/handlers/scan_sbom.go b/internal/handlers/scan_sbom.go
index e4d9603..76ea407 100644
--- a/internal/handlers/scan_sbom.go
+++ b/internal/handlers/scan_sbom.go
@@ -90,6 +90,10 @@ func (h *ScanSBOMHandler) Handle(message messaging.Message) error {
 "sbom",
 "--cache-dir", h.workDir,
 "--format", "sarif",
+ // Use the public ECR repository to bypass GitHub's rate limits.
+ // Refer to https://github.com/aquasecurity/trivy/discussions/7668 for details.
+ "--db-repository", "public.ecr.aws/aquasecurity/trivy-db",
+ "--java-db-repository", "public.ecr.aws/aquasecurity/trivy-java-db",
 "--output", reportFile.Name(),
 sbomFile.Name(),
 })
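Review bot: The two registry locations added to the argument list are hard-coded string literals, so an operator cannot redirect the vulnerability-database pull to an internal mirror or a pinned copy, and the scan verdict now depends entirely on what `public.ecr.aws/aquasecurity/trivy-db` serves at run time. Consider reading both values from handler configuration the way `--cache-dir` already uses `h.workDir`, for example `"--db-repository", h.dbRepository,` (field name hypothetical), keeping the ECR paths as the defaults. That also keeps the scanner usable in clusters with restricted egress. The body of `Handle` starts and ends outside this hunk, so whether a failed database download is reported distinctly from a scan failure cannot be checked from here.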