From 1e0a1e2cd239824a19f65adef3f9e0642aaeaf77 Mon Sep 17 00:00:00 2001
From: Usman Saleem
Date: Thu, 31 Oct 2024 12:05:10 +1000
Subject: [PATCH] Use fallback trivy db repos in testDocker (#1034)
* Use fallback trivy db repos in testDocker
* CircleCI
---
 .circleci/config.yml | 2 ++
 docker/test.sh | 5 ++++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 497da1866..5046bfe7e 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -273,6 +273,8 @@ jobs:
 name: Scan with trivy
 shell: /bin/sh
 command: |
+ export TRIVY_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"
+ export TRIVY_JAVA_DB_REPOSITORY="ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db"
 $HOME/bin/trivy image consensys/web3signer:develop-arm64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
 $HOME/bin/trivy image consensys/web3signer:develop-amd64 --image-src remote --exit-code 1 --quiet --no-progress --severity HIGH,CRITICAL --ignorefile "gradle/trivyignore.txt" --timeout 10m
diff --git a/docker/test.sh b/docker/test.sh
index d7f3ff390..89a4c1e38 100755
--- a/docker/test.sh
+++ b/docker/test.sh
@@ -27,7 +27,10 @@ eth2 \
 docker image rm ${DOCKER_TEST_IMAGE}
 # also check for security vulns with trivy
-docker run aquasec/trivy image $DOCKER_IMAGE
+docker run \
+ -e "TRIVY_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db" \
+ -e "TRIVY_JAVA_DB_REPOSITORY=ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db" \
+ aquasec/trivy image $DOCKER_IMAGE
 echo "test.sh Exit code: $i"
 exit $i
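Review bot: The two `export TRIVY_DB_REPOSITORY=` / `export TRIVY_JAVA_DB_REPOSITORY=` lines added to the `Scan with trivy` step in `.circleci/config.yml` carry no comment saying why a second registry is listed or what they require of the scanner. A comma-separated value only works if the binary at `$HOME/bin/trivy` accepts more than one repository per variable, and the step that installs it is outside this hunk. I would add `# Fallback DB mirrors: needs a trivy release that accepts a comma-separated repository list` above the exports. The same two strings are repeated in `docker/test.sh`, so a note that both places must change together would stop the CI scan and the local scan from drifting onto different vulnerability databases.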
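Review bot: The rewritten `docker run ... aquasec/trivy image $DOCKER_IMAGE` command in `docker/test.sh` still cannot fail the script on findings. It passes no `--exit-code`, and the following `exit $i` uses a value set before this hunk, so the scan looks informational only, unlike the CircleCI step, which uses `--exit-code 1 --severity HIGH,CRITICAL`. If the check is meant to gate, the last line could read `aquasec/trivy image --exit-code 1 --severity HIGH,CRITICAL "$DOCKER_IMAGE" || i=1`, assuming `i` is the accumulated status, since its assignment is not visible here. The scanner image is also pulled without a tag or digest, so the tool doing the security check is whatever `latest` resolves to at run time; pinning it would make results reproducible. No Docker socket is mounted into the container, so presumably trivy resolves `$DOCKER_IMAGE` from a registry rather than from the local build; worth confirming that is the image intended.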