chore: update trivy mirrors to public.ecr.aws and fix utf8 bom

snowdream · snowdream · commit ffa1d764e4db · 2026-05-28T19:35:35.000+08:00
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -787,7 +787,7 @@ repos:
       - id: trivy
         name: trivy security scan
         language: system
-        entry: bash -c 'if command -v trivy >/dev/null 2>&1; then exec trivy fs . --scanners vuln,misconfig,secret --db-repository ghcr.io/aquasecurity/trivy-db:2 --java-db-repository ghcr.io/aquasecurity/trivy-java-db:1 --checks-bundle-repository ghcr.io/aquasecurity/trivy-checks:1 --timeout 15m --exit-code 1 --severity HIGH,CRITICAL "$@"; else echo "Skipped trivy not found"; fi' --
+        entry: bash -c 'if command -v trivy >/dev/null 2>&1; then exec trivy fs . --scanners vuln,misconfig,secret --db-repository public.ecr.aws/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db:1 --checks-bundle-repository public.ecr.aws/aquasecurity/trivy-checks --timeout 15m --exit-code 1 --severity HIGH,CRITICAL "$@"; else echo "Skipped trivy not found"; fi' --
         always_run: true
         pass_filenames: false
         description: "Comprehensive security scan for vulnerabilities, misconfigurations, and secrets using Trivy."
