diff --git a/.circleci/config.yml b/.circleci/config.yml
index 497da1866..5046bfe7e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -273,6 +273,8 @@ jobs:
           name: Scan with trivy
           shell: /bin/sh
           command: |
+            export TRIVY_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"
+            export TRIVY_JAVA_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db"
             $HOME/bin/trivy image consensys/web3signer:develop-arm64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
             $HOME/bin/trivy image consensys/web3signer:develop-amd64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
 
diff --git a/docker/test.sh b/docker/test.sh
index d7f3ff390..89a4c1e38 100755
--- a/docker/test.sh
+++ b/docker/test.sh
@@ -27,7 +27,10 @@ eth2 \
 docker image rm ${DOCKER_TEST_IMAGE}
 
 # also check for security vulns with trivy
-docker run aquasec/trivy image $DOCKER_IMAGE
+docker run \
+ -e "TRIVY_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db" \
+ -e "TRIVY_JAVA_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db" \
+ aquasec/trivy image $DOCKER_IMAGE
 
 echo "test.sh Exit code: $i"
 exit $i