From c01048adcae98d3ba3297be5f50b672a5bf204c8 Mon Sep 17 00:00:00 2001
From: Matt Pryor <matt@stackhpc.com>
Date: Thu, 26 Sep 2024 11:08:56 +0100
Subject: [PATCH] Pass GitHub token for Trivy DB download

---
 .github/workflows/build_test_images.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/build_test_images.yaml b/.github/workflows/build_test_images.yaml
index b9b9e9e..0c59b4f 100644
--- a/.github/workflows/build_test_images.yaml
+++ b/.github/workflows/build_test_images.yaml
@@ -96,6 +96,8 @@ jobs:
           format: sarif
           output: "${{ steps.publish-image.outputs.image-name }}.sarif"
           # turn off secret scanning to speed things up
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
@@ -113,6 +115,8 @@ jobs:
           exit-code: '1'
           severity: 'CRITICAL'
           ignore-unfixed: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Write matrix outputs
         uses: cloudposse/github-action-matrix-outputs-write@0.4.2