From a11c1a7092c8916239105e9f89e15120fc332926 Mon Sep 17 00:00:00 2001
From: Joshua Casey <joshua.casey@broadcom.com>
Date: Wed, 30 Oct 2024 09:30:41 -0500
Subject: [PATCH] Use trivy db mirror from ECR instead of GHCR

---
 .gitignore                                       | 1 +
 pipelines/shared-tasks/scan-image-trivy/task.yml | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index a9fc24396..c9c1fd7e4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 *.tfstate
 kubeconfig.yaml
 .DS_Store
+site/
\ No newline at end of file
diff --git a/pipelines/shared-tasks/scan-image-trivy/task.yml b/pipelines/shared-tasks/scan-image-trivy/task.yml
index 3da828d90..90910e5d8 100644
--- a/pipelines/shared-tasks/scan-image-trivy/task.yml
+++ b/pipelines/shared-tasks/scan-image-trivy/task.yml
@@ -31,6 +31,7 @@ run:
 
       trivy image \
         --input=image/image.tar \
+        --db-repository public.ecr.aws/aquasecurity/trivy-db \
         --exit-code=1 \
         --severity=HIGH,CRITICAL \
         --ignore-unfixed \