Use fallback trivy db repos in testDocker (#1034)

* Use fallback trivy db repos in testDocker * CircleCI
Consensys · Oct 31, 2024 · 1e0a1e2 · 1e0a1e2
1 parent 68db6b7
commit 1e0a1e2
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -273,6 +273,8 @@ jobs:
           name: Scan with trivy
           shell: /bin/sh
           command: |
+            export TRIVY_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"
+            export TRIVY_JAVA_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db"
             $HOME/bin/trivy image consensys/web3signer:develop-arm64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
             $HOME/bin/trivy image consensys/web3signer:develop-amd64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
 

diff --git a/docker/test.sh b/docker/test.sh
@@ -27,7 +27,10 @@ eth2 \
 docker image rm ${DOCKER_TEST_IMAGE}
 
 # also check for security vulns with trivy
-docker run aquasec/trivy image $DOCKER_IMAGE
+docker run \
+ -e "TRIVY_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db" \
+ -e "TRIVY_JAVA_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db" \
+ aquasec/trivy image $DOCKER_IMAGE
 
 echo "test.sh Exit code: $i"
 exit $i