Merge pull request #5673 from zhzhuang-zju/trivy

image-scanning: fix ratelimiting error when downloading vulnerability db from ghcr.io
karmada-bot 2024-11-14 15:39:52 +08:00 committed by GitHub
commit e08cea1e60
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 0 deletions


@ -48,6 +48,9 @@ jobs:
make image-${{ matrix.target }} make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0 uses: aquasecurity/trivy-action@0.28.0
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with: with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}' image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}'
format: 'sarif' format: 'sarif'
@ -56,6 +59,8 @@ jobs:
output: '${{ matrix.target }}:${{ matrix.karmada-version }}.trivy-results.sarif' output: '${{ matrix.target }}:${{ matrix.karmada-version }}.trivy-results.sarif'
- name: display scan results - name: display scan results
uses: aquasecurity/trivy-action@0.28.0 uses: aquasecurity/trivy-action@0.28.0
env:
TRIVY_SKIP_DB_UPDATE: true # Avoid updating the vulnerability db as it was cached in the previous step.
with: with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}' image-ref: 'docker.io/karmada/${{ matrix.target }}:${{ matrix.karmada-version }}'
format: 'table' format: 'table'
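Review bot: The scan step now places `secrets.GITHUB_TOKEN` in the environment of a third-party action referenced by the mutable tag `0.28.0`, under the name `ACTIONS_RUNTIME_TOKEN`, with no comment explaining why. As far as I know, that variable is normally set by the runner for its own cache and artifact services, so overriding it is surprising. A comment above the `env:` block, such as `# workaround for ghcr.io rate limiting when pulling trivy-db (see ISSUE_LINK_PLACEHOLDER)`, would make the intent reviewable. Because the step now carries a token explicitly, consider pinning `aquasecurity/trivy-action` to a full commit SHA, and confirm that the job's `permissions:` block (not visible in this hunk) grants only what the scan and SARIF upload need. The same three lines are added in the second file.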


@ -43,6 +43,9 @@ jobs:
make image-${{ matrix.target }} make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0 uses: aquasecurity/trivy-action@0.28.0
env:
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
with: with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest' image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'sarif' format: 'sarif'
@ -51,6 +54,8 @@ jobs:
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
- name: display scan results - name: display scan results
uses: aquasecurity/trivy-action@0.28.0 uses: aquasecurity/trivy-action@0.28.0
env:
TRIVY_SKIP_DB_UPDATE: true # Avoid updating the vulnerability db as it was cached in the previous step.
with: with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest' image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'table' format: 'table'
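Review bot: `TRIVY_SKIP_DB_UPDATE: true` makes the display step depend entirely on the database left behind by the preceding scan step, and nothing visible here says what happens if that database is absent. If the earlier step is skipped, or its download fails on both mirrors, Trivy will presumably error out rather than scan, which is the safer outcome but is worth stating. I would spell out the dependency and quote the value, since it is consumed as an environment string: `TRIVY_SKIP_DB_UPDATE: 'true' # reuse the DB downloaded by the scan step above; this step fails if it is missing`. The first file adds the same line and would take the same change.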