Merge branch 'bugfix/KASM-6644_fix_docker_scan_rate_limiting' into 'develop'

KASM-6644 Use a github PAT with no permmissions to get around ghcr.io trivy... Closes KASM-6644 See merge request kasm-technologies/internal/workspaces-core-images!231
2024-11-24 16:33:19 +01:00 · 2024-10-30 12:34:04 +00:00 · 2024-10-30 12:34:04 +00:00 · da097b56af
commit da097b56af
parent 91b634b923 707899f196
1 changed files with 7 additions and 0 deletions
--- a/ci-scripts/scan
+++ b/ci-scripts/scan
@ -3,7 +3,14 @@
 set -eo pipefail

 build_report() {
+  set +e
  $trivy_cmd --exit-code 0 --format template --template "@/$trivy_dir/contrib/junit.tpl" -o "$source_dir/trivy-report.xml" "$target"
+  RESULT=$?
+  set -e
+  if [ $RESULT -ne 0 ]; then
+    echo "Trivy command failed with default db, falling back to using ECR vuln db"
+    $trivy_cmd --db-repository public.ecr.aws/aquasecurity/trivy-db:2 --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db:1 --exit-code 0 --format template --template "@/$trivy_dir/contrib/junit.tpl" -o "$source_dir/trivy-report.xml" "$target"
+  fi
  #$trivy_cmd --exit-code 0 --format json -o "$source_dir/report.json" "$target"
 }