Skip to content

Commit

Permalink
image-scanning: fix ratelimiting error when downloading vulnerability…
Browse files Browse the repository at this point in the history 
… db from ghcr.io

Signed-off-by: zhzhuang-zju <m17799853869@163.com>
  • Loading branch information
@zhzhuang-zju
zhzhuang-zju committed Oct 11, 2024
1 parent 21467f8 commit 6bf2adf
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 4 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/ci-image-scanning-on-schedule.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,15 +47,21 @@ jobs:
export REGISTRY="docker.io/karmada"
make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}'
format: 'sarif'
ignore-unfixed: true
vuln-type: 'os,library'
output: '${{ matrix.target }}:${{ matrix.karmada-version }}.trivy-results.sarif'
- name: display scan results
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_SKIP_DB_UPDATE: true # avoid repeatedly updating the Vulnerability DB
TRIVY_DISABLE_VEX_NOTICE: true # disable VEX notice
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}'
format: 'table'
Expand Down
10 changes: 8 additions & 2 deletions .github/workflows/ci-image-scanning.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,21 @@ jobs:
export REGISTRY="docker.io/karmada"
make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'sarif'
ignore-unfixed: true
vuln-type: 'os,library'
output: 'trivy-results.sarif'
- name: display scan results
uses: aquasecurity/trivy-action@0.24.0
uses: aquasecurity/trivy-action@0.26.0
env:
TRIVY_SKIP_DB_UPDATE: true # avoid repeatedly updating the Vulnerability DB
TRIVY_DISABLE_VEX_NOTICE: true # disable VEX notice
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'table'
Expand Down

0 comments on commit 6bf2adf

Please sign in to comment.