From 9d7f96246a5c4d882777583b43524c4e0721fa15 Mon Sep 17 00:00:00 2001 From: Stefan Bueringer Date: Mon, 28 Oct 2024 14:46:25 +0100 Subject: [PATCH] Switch to using ECR mirror for trivy DB repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stefan Büringer buringerst@vmware.com --- hack/verify-container-images.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hack/verify-container-images.sh b/hack/verify-container-images.sh index f9fa68fbf1..51b5d5f546 100755 --- a/hack/verify-container-images.sh +++ b/hack/verify-container-images.sh @@ -24,6 +24,7 @@ fi VERSION=${1} GO_ARCH="$(go env GOARCH)" +DB_MIRROR="public.ecr.aws/aquasecurity/trivy-db" REPO_ROOT=$(git rev-parse --show-toplevel) "${REPO_ROOT}/hack/ensure-trivy.sh" "${VERSION}" @@ -35,7 +36,7 @@ make REGISTRY=gcr.io/k8s-staging-capi-vsphere PULL_POLICY=IfNotPresent TAG=dev d make clean-release-git # Scan the images -"${TRIVY}" image -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-controller-"${GO_ARCH}":dev && R1=$? || R1=$? +"${TRIVY}" image --db-repository="${DB_MIRROR}" -q --exit-code 1 --ignore-unfixed --severity MEDIUM,HIGH,CRITICAL gcr.io/k8s-staging-capi-vsphere/cluster-api-vsphere-controller-"${GO_ARCH}":dev && R1=$? || R1=$? echo "" BRed='\033[1;31m'