Skip to content

Commit

Permalink
ci: download Trivy vuln DB from AWS ECR
Browse files Browse the repository at this point in the history
  • Loading branch information
@DavSanchez
DavSanchez committed Nov 13, 2024
1 parent c2f22d2 commit d32c310
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 1 deletion.
14 changes: 13 additions & 1 deletion .github/workflows/component_trivy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ jobs:
ignore-unfixed: true
vuln-type: 'os,library'
severity: "${{ inputs.severity }}"
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

- name: newrelic/k8s-events-forwarder
uses: aquasecurity/trivy-action@master
Expand All @@ -38,6 +41,9 @@ jobs:
ignore-unfixed: true
vuln-type: 'os,library'
severity: "${{ inputs.severity }}"
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

- name: newrelic/nri-forwarder
uses: aquasecurity/trivy-action@master
Expand All @@ -48,6 +54,9 @@ jobs:
ignore-unfixed: true
vuln-type: 'os,library'
severity: "${{ inputs.severity }}"
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

trivy_scanner_scheduled:
name: Scheduled Trivy scanner for docker
Expand All @@ -58,7 +67,7 @@ jobs:
uses: actions/checkout@v3

- name: Sarif newrelic/infrastructure
uses: aquasecurity/trivy-action@0.8.0
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/newrelic/infrastructure:${{ inputs.tag }}"
format: 'sarif'
Expand All @@ -67,6 +76,9 @@ jobs:
severity: "${{ inputs.severity }}"
exit-code: '1'
ignore-unfixed: true
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
Expand Down
3 changes: 3 additions & 0 deletions .github/workflows/security.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,3 +66,6 @@ jobs:
vuln-type: 'os,library'
severity: "HIGH,CRITICAL"
skip-dirs: "/var"
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

0 comments on commit d32c310

Please sign in to comment.