Skip to content

Commit bb0415d

Browse files
nullvariantclaude
andauthored
fix(ci): use ghcr.io for Trivy vulnerability DB download (#363)
Trivy defaults to mirror.gcr.io for DB download, which is blocked by harden-runner egress policy. Use ghcr.io/aquasecurity/trivy-db:2 instead, which is already in allowed-endpoints. 🖥️ IDE: [Cursor](https://cursor.sh) 🔌 Extension: [Claude Code](https://claude.ai/download) Model-Raw: claude-opus-4-6-20250514 Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent bc82184 commit bb0415d

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

.github/workflows/publish.yml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -80,7 +80,8 @@ jobs:
8080
chmod +x trivy
8181
./trivy fs extensions/git-id-switcher \
8282
--severity CRITICAL,HIGH \
83-
--exit-code 1
83+
--exit-code 1 \
84+
--db-repository ghcr.io/aquasecurity/trivy-db:2
8485
rm -f trivy trivy.tar.gz
8586
8687
# Supply Chain Security: Cosign keyless signing for VSIX

0 commit comments

Comments
 (0)