Merge pull request #1023 from nscuro/trivy-ratelimit-fix

Work around ghcr.io rate limiting for Trivy database downloads

.github/workflows/_meta-build.yaml

@@ -113,6 +113,10 @@ jobs:
       - name: Run Trivy Vulnerability Scanner
         if: ${{ inputs.publish-container }}
         uses: aquasecurity/trivy-action@0.24.0
+        env:
+          # https://github.com/aquasecurity/trivy-action/issues/389
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
+          TRIVY_JAVA_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-java-db:1'
         with:
           image-ref: docker.io/dependencytrack/frontend:${{ inputs.app-version }}
           format: 'sarif'