add support for second java db repository in trivy checks

neuroforgede · Oct 30, 2024 · d2afdea · d2afdea
1 parent 113c240
commit d2afdea
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/consumer_gateway/build_production.sh b/consumer_gateway/build_production.sh
@@ -30,6 +30,6 @@ docker run \
     --scanners vuln \
     --ignore-unfixed \
     --exit-code 1 \
-    --java-db-repository ghcr.io/aquasecurity/trivy-java-db public.ecr.aws/aquasecurity/trivy-java-db \
+    --java-db-repository ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db \
     ghcr.io/neuroforgede/nfcompose-consumer-gateway:${BUILD_NF_COMPOSE_DOCKER_TAG}
 check_result "failed trivy check"
diff --git a/skipper/build.py b/skipper/build.py
@@ -105,8 +105,7 @@ def trivy_check(image: str) -> None:
         'trivy',
         'image',
         '--java-db-repository',
-        'ghcr.io/aquasecurity/trivy-java-db',
-        'public.ecr.aws/aquasecurity/trivy-java-db',
+        'ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db',
         '--ignore-unfixed',
         '--skip-files',
         '/neuroforge/skipper/skipper/environment_local.py',

diff --git a/skipper_proxy/build_production.sh b/skipper_proxy/build_production.sh
@@ -28,6 +28,6 @@ docker run \
     --scanners vuln \
     --ignore-unfixed \
     --exit-code 1 \
-    --java-db-repository ghcr.io/aquasecurity/trivy-java-db public.ecr.aws/aquasecurity/trivy-java-db \
+    --java-db-repository ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db \
     ghcr.io/neuroforgede/nfcompose-skipper-proxy:${BUILD_NF_COMPOSE_DOCKER_TAG}
 check_result "failed trivy check"