add Trivy database to env variables

StatCan · Oct 31, 2024 · c531052 · c531052
1 parent 26e8c7b
commit c531052
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/build_push.yaml b/.github/workflows/build_push.yaml
@@ -62,6 +62,7 @@ jobs:
       CLUSTER_RESOURCE_GROUP: k8s-cancentral-01-covid-aks
       LOCAL_REPO: localhost:5000
       TRIVY_VERSION: "v0.56.2"
+      TRIVY_DATABASE: "public.ecr.aws/aquasecurity/trivy-db:2"
       HADOLINT_VERSION: "2.12.0"
       ACTIONS_RUNNER_DEBUG: true
 
@@ -177,7 +178,7 @@ jobs:
       run: |
         printf ${{ secrets.CVE_ALLOWLIST }} > .trivyignore
         curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin ${{ env.TRIVY_VERSION }}
-        trivy image --db-repository public.ecr.aws/aquasecurity/trivy-db:2 ${{ steps.build-image.outputs.full_image_name }} --exit-code 1 --timeout=20m --scanners vuln --severity CRITICAL
+        trivy image --db-repository ${{ TRIVY_DATABASE }} ${{ steps.build-image.outputs.full_image_name }} --exit-code 1 --timeout=20m --scanners vuln --severity CRITICAL
 
     # Push image to ACR
     # Pushes if this is a push to master or an update to a PR that has auto-deploy label