From 377dbadefbcd32e0de66bfb88f9f4ec3a3081dad Mon Sep 17 00:00:00 2001
From: Rupeekshan Maheswaran <63111541+Rupeekshan@users.noreply.github.com>
Date: Tue, 29 Oct 2024 10:19:22 +0530
Subject: [PATCH] fix: Configure Trivy to use AWS public registry to avoid rate
 limits

---
 .github/workflows/component-scan.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/component-scan.yml b/.github/workflows/component-scan.yml
index 98aa08f1..6f317e72 100644
--- a/.github/workflows/component-scan.yml
+++ b/.github/workflows/component-scan.yml
@@ -30,6 +30,9 @@ jobs:
           format: 'json'
           vuln-type: 'os,library'
           output: 'trivy-results.json'
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
 
       - name: Save vulnerabilities report in tabular format
         if: always()