From 196c43f5f0038e573491ab114de070665ae47672 Mon Sep 17 00:00:00 2001
From: Jacob Woffenden
Date: Thu, 17 Oct 2024 11:22:33 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=AA=9E=20Optionally=20use=20ECR=20for=20T?= =?UTF-8?q?rivy's=20database=20(#282)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jacob Woffenden
---
 terraform-static-analysis/action.yml | 4 ++++
 terraform-static-analysis/entrypoint.sh | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/terraform-static-analysis/action.yml b/terraform-static-analysis/action.yml
index 63e6ce31..886f7271 100644
--- a/terraform-static-analysis/action.yml
+++ b/terraform-static-analysis/action.yml
@@ -65,6 +65,10 @@ inputs:
 description: "The name of the main branch e.g. 'main', defaults to 'main'"
 required: false
 default: "main"
+ use_trivy_ecr_database:
+ description: "Download the Trivy databases from ECR"
+ required: false
+ default: "false"

 runs:
 using: "docker"
diff --git a/terraform-static-analysis/entrypoint.sh b/terraform-static-analysis/entrypoint.sh
index c461fb2b..97645ad4 100755
--- a/terraform-static-analysis/entrypoint.sh
+++ b/terraform-static-analysis/entrypoint.sh
@@ -20,7 +20,9 @@ echo "INPUT_TRIVY_SEVERITY: $INPUT_TRIVY_SEVERITY"
 echo "INPUT_TFSEC_TRIVY: $INPUT_TFSEC_TRIVY"
 echo "INPUT_TRIVY_SKIP_DIR: $INPUT_TRIVY_SKIP_DIR"
 echo "INPUT_MAIN_BRANCH_NAME: $INPUT_MAIN_BRANCH_NAME"
+echo "INPUT_USE_TRIVY_ECR_DATABASE: $INPUT_USE_TRIVY_ECR_DATABASE"
 echo
+
 # install tfsec from GitHub (taken from README.md)
 if [[ -n "$INPUT_TFSEC_VERSION" && "${INPUT_TFSEC_TRIVY}" == "tfsec" ]]; then
 env GO111MODULE=on go install github.com/aquasecurity/tfsec/cmd/tfsec@"${INPUT_TFSEC_VERSION}"
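Review bot: The description of the new `use_trivy_ecr_database` input in action.yml does not say which value turns it on. The check this commit adds to entrypoint.sh compares against the exact string `"true"`, so `True`, `yes` or `1` would leave Trivy on its default database source without any message. I would spell that out in the input, e.g. `description: "Set to 'true' (exact, lower-case) to download the Trivy vulnerability and Java databases from public.ecr.aws instead of Trivy's default source"`.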
@@ -35,6 +37,12 @@ else
 curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin latest
 fi

+# use ECR for Trivy databases
+if [[ "$INPUT_USE_TRIVY_ECR_DATABASE" == "true" ]];
+ export TRIVY_DB_REPOSITORY="public.ecr.aws/aquasecurity/trivy-db:2"
+ export TRIVY_JAVA_DB_REPOSITORY="public.ecr.aws/aquasecurity/trivy-java-db:1"
+fi
+
 line_break() {
 echo
 echo "*****************************"
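Review bot: The added `if [[ "$INPUT_USE_TRIVY_ECR_DATABASE" == "true" ]];` line has no `then`, so bash should stop with a syntax error at the following `fi` and the scan never runs, whichever value the input has. The line should read `if [[ "${INPUT_USE_TRIVY_ECR_DATABASE}" == "true" ]]; then`. The error only surfaces once the interpreter reaches this statement, after the install steps above it have already run, so a parse-only step such as `bash -n entrypoint.sh` or ShellCheck in CI would catch this class of mistake before a release. The body of `line_break()` continues outside the hunk.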