From 0cb188aaed3739241199507c42ee53682fc01728 Mon Sep 17 00:00:00 2001
From: M-Schiborr <112689259+M-Schiborr@users.noreply.github.com>
Date: Tue, 29 Oct 2024 12:36:03 +0100
Subject: [PATCH] Test new trivy db (#27)
* Test new trivy db
* Test back without new db repo
* Test new trivy db
* Test envs
* switch db repo
* use correct trivy action :/
* switch db repo
* Add new java trivy db too
* Remove ref to branch
---
 .github/workflows/check-trivy.yaml | 3 +++
 .github/workflows/image-publish-trivy.yaml | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/check-trivy.yaml b/.github/workflows/check-trivy.yaml
index caedd60..b7cf73d 100644
--- a/.github/workflows/check-trivy.yaml
+++ b/.github/workflows/check-trivy.yaml
@@ -50,6 +50,9 @@ jobs:
 severity: ${{ inputs.severity }}
 exit-code: ${{ inputs.fail_on_vulnerabilites && 1 || 0}}
 ignore-unfixed: ${{ inputs.ignore-unfixed }}
+ env:
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 - name: Override location of findings
 if: ${{ always() && inputs.report_location != '' }}
diff --git a/.github/workflows/image-publish-trivy.yaml b/.github/workflows/image-publish-trivy.yaml
index c6b16ea..613216f 100644
--- a/.github/workflows/image-publish-trivy.yaml
+++ b/.github/workflows/image-publish-trivy.yaml
@@ -187,7 +187,7 @@ jobs:
 permissions:
 packages: read
 security-events: write
- uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@5
+ uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@7
 with:
 image_ref: ${{ needs.pre_scan.outputs.registry_and_owner }}/${{ inputs.image_name }}@${{ needs.build_and_upload_image.outputs.digest }}
 severity: ${{ inputs.trivy_severity }}
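Review bot: The two overrides added under `env:` in check-trivy.yaml have no comment, so nothing in the workflow records why the vulnerability databases are pulled from `public.ecr.aws/aquasecurity` rather than from the scanner's default source. The database source is part of the scan's trust chain, so the reason for the override should be visible to the next maintainer; I would add `# Trivy DB and Java DB are pulled from the public ECR copies instead of the default registry; change both together` above `env:`. Both values are also hard-coded in a workflow that otherwise takes its settings from `inputs`, so callers cannot point the scan at an internal mirror; exposing them as optional inputs with these values as defaults would keep today's behaviour. The step these lines belong to starts above the hunk, so the action and its pinned version are not visible here.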
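Review bot: The `uses:` line in image-publish-trivy.yaml still selects the called workflow by a short ref (`@7`, presumably a tag or branch), while the job grants it `security-events: write` and `packages: read`. Anyone able to move that ref changes what runs with those permissions. This commit also edits `check-trivy.yaml` itself, so the caller only picks up the new `env:` block once the ref points at a commit that contains it. Pinning to a full commit SHA with the version as a trailing comment, `uses: dBildungsplattform/dbp-github-workflows/.github/workflows/check-trivy.yaml@<full-commit-sha> # 7`, would make the called code fixed and reviewable. The job definition begins above the hunk.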