From 8e05bedfca3ed128b64b6d4d7b1c270e82164502 Mon Sep 17 00:00:00 2001 From: Sergei Maertens Date: Fri, 11 Oct 2024 10:23:41 +0200 Subject: [PATCH] :construction_worker: Address trivy-action rate limit issues Cache workflow taken from their README and tweaked a little bit. --- .github/workflows/ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dc18638b97..e1fed35bb1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -420,6 +420,7 @@ jobs: uses: actions/download-artifact@v4 with: name: docker-image-all-extensions-${{ needs.docker_build_setup.outputs.version }} + - name: Scan image with Trivy uses: aquasecurity/trivy-action@master with: @@ -428,8 +429,10 @@ jobs: output: 'trivy-results-docker.sarif' ignore-unfixed: true env: - # See https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2368662097 - ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # Uses the cache from trivy.yml workflow + TRIVY_SKIP_DB_UPDATE: true + TRIVY_SKIP_JAVA_DB_UPDATE: true + - name: Upload results to GH Security tab uses: github/codeql-action/upload-sarif@v3 with: