From b5ee9b3e552e4fdf0045c337dc77051eaae39d81 Mon Sep 17 00:00:00 2001
From: Thomas Schaffter <thomas.schaffter@gmail.com>
Date: Thu, 7 Nov 2024 17:51:52 +0000
Subject: [PATCH] use ECR DB when scanning repo with Trivy

---
 .github/workflows/scan-repo.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/scan-repo.yml b/.github/workflows/scan-repo.yml
index 047df023d5..1603cba3f3 100644
--- a/.github/workflows/scan-repo.yml
+++ b/.github/workflows/scan-repo.yml
@@ -19,6 +19,9 @@ jobs:
 
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@0.28.0
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
         with:
           scan-type: 'fs'
           ignore-unfixed: true