From f9be8425a2c9251257424d4367f3a4e16823995e Mon Sep 17 00:00:00 2001
From: Rohan Vazarkar
Date: Wed, 23 Oct 2024 10:32:34 -0400
Subject: [PATCH 1/3] fix: use aws registry mirrors for vuln scan

---
 .github/workflows/vuln-scan.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index 6b57de674..e904fcbeb 100644
--- a/.github/workflows/vuln-scan.yml
+++ b/.github/workflows/vuln-scan.yml
@@ -38,4 +38,7 @@ jobs:
 severity: 'CRITICAL,HIGH'
 exit-code: '1'
 ignore-unfixed: true
+ env:
+ TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db

From 0765b1495b24a8d2633e6b7811a55b0707e6fb87 Mon Sep 17 00:00:00 2001
From: Rohan Vazarkar
Date: Wed, 23 Oct 2024 10:38:58 -0400
Subject: [PATCH 2/3] Update .github/workflows/vuln-scan.yml

Co-authored-by: Dillon Lees
---
 .github/workflows/vuln-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index e904fcbeb..c1557ec38 100644
--- a/.github/workflows/vuln-scan.yml
+++ b/.github/workflows/vuln-scan.yml
@@ -39,6 +39,6 @@ jobs:
 exit-code: '1'
 ignore-unfixed: true
 env:
- TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
- TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
+ TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
+ TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db

From 84d49015297d04fd3b758fca5dc2ec57d80528a0 Mon Sep 17 00:00:00 2001
From: Rohan Vazarkar
Date: Wed, 23 Oct 2024 10:42:53 -0400
Subject: [PATCH 3/3] fix: update trivy action

---
 .github/workflows/vuln-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index c1557ec38..fc540eaf9 100644
--- a/.github/workflows/vuln-scan.yml
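Review bot: The `env:` block in PATCH 2/3 sets `TRIVY_DB_REPOSITORY` and `TRIVY_JAVA_DB_REPOSITORY` to comma-separated lists with no comment saying why the scanner's database source is overridden or what the list depends on. As far as I know, only Trivy releases with multi-repository fallback accept a list here, so this block is tied to the action version changed in PATCH 3/3, and a later downgrade would probably break the database download. I would add a comment above `env:` such as `# vuln DB: GHCR first, public ECR as fallback; a repository list needs a Trivy release with multi-repo support, keep trivy-action at 0.28.0 or newer`. Both sources sit under the `aquasecurity` namespace, so the trust boundary for scan data is unchanged. The step this block belongs to starts outside the hunk.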
+++ b/.github/workflows/vuln-scan.yml
@@ -31,7 +31,7 @@ jobs:
 uses: actions/checkout@v3
 - name: Run vulnerability scanner
- uses: aquasecurity/trivy-action@0.24.0
+ uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: 'repo'
 scan-ref: './'
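Review bot: `aquasecurity/trivy-action@0.28.0` is referenced by a tag, which the action's owner can move, so the workflow file does not fix what code runs in this job. The same holds for `actions/checkout@v3` in the context line. For a third-party step that runs against the checked-out repository, pin to the full commit SHA and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # 0.28.0` (placeholder; the SHA is not shown on this page). The job's `permissions:` and the rest of the step are outside the hunk, so the token scope cannot be checked from here.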