ci: specify a different repository for trivy-db to avoid ratelimit er…

…rors seen on CD runs

.github/workflows/docker.yaml

@@ -122,6 +122,8 @@ jobs:
         with:
           image-ref: ${{ steps.build-and-push.outputs.imageid }}
           skip-dirs: /var/clamav
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
 
       - name: Setup Notation CLI
         if: ${{ inputs.push }}

.github/workflows/security-docker.yaml

@@ -22,6 +22,8 @@ jobs:
           output: "trivy-results.sarif"
           severity: "MEDIUM,HIGH,CRITICAL"
           limit-severities-for-sarif: true
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
       - name: Upload Results to GitHub Code Scanning
         if: ${{ always() }}
         uses: github/codeql-action/upload-sarif@v3

.github/workflows/security-terraform.yaml

@@ -22,6 +22,8 @@ jobs:
           output: "trivy-results.sarif"
           severity: "CRITICAL"
           limit-severities-for-sarif: true
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
       - name: Upload Results to GitHub Code Scanning
         if: ${{ always() }}
         uses: github/codeql-action/upload-sarif@v3

app/api/.gitignore

@@ -26,4 +26,4 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613

app/cdn/.gitignore

@@ -26,4 +26,4 @@ composer.lock
 editorconfig.org
 assets/vendor
 .scannerwork/
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613

app/internal/.gitignore

@@ -27,5 +27,5 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613
 

app/selfserve/.gitignore

@@ -26,5 +26,5 @@ phpcs.xml
 phpstan.neon
 phpunit.xml
 psalm.xml
-# Trigger CD - 2024-10-07-1217
+# Trigger CD - 2024-10-07-1613