GitHub container registry is randomly hitting the API rate limit, causing intermittent issues when downloading the Trivy container CIS image / DB and resulting in downstream scans failing.
Options
1. Skip cache by default and always leverage upstream DB
   - As an emergency failure in case of upstream hosting environment flakiness / failures, there won't be caches since they are expired and skipped
2. Option to override default [<run_id>_<attempt_id>] to make it save unique caches in matrix job
   a. Specify option to override cache key as input
   b. Detect if running in matrix context and generate unique caches based on some parameter.
   Either way, this is also NOT recommended since multiple cache keys might exhaust GitHub default cache limits of 10GB since each cache key needs to be unique for run/attempt/matrix-input combination
3. Host a vuln DB mirror as Kong repo and use it as the DB URL override
   - Overhead of effort and maintenance to maintain a list of updated offline Trivy vulnerability DB and distributing them
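A sketch of option 2b, added here as an example and not taken from the issue or the project's code: it keeps the default `<run_id>_<attempt_id>` key outside a matrix job and appends a short hash of the matrix inputs inside one. The function name, the `trivy-db-` prefix, and passing `toJSON(matrix)` in as a string (assumed to render as `null` outside a matrix) are assumptions.

```shell
#!/bin/sh
# Added example: build a cache key that is unique per run / attempt /
# matrix-input combination. trivy_cache_key and the "trivy-db-" prefix are
# hypothetical names, not the action's real inputs.

# Short, fixed-length digest so the key stays well under the cache key limit.
short_hash() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum | cut -c1-12
  else
    shasum -a 256 | cut -c1-12
  fi
}

# usage: trivy_cache_key <run_id> <attempt> [matrix_json]
# matrix_json is expected to be the workflow expression toJSON(matrix),
# passed through an env var such as MATRIX_JSON (assumption).
trivy_cache_key() {
  local run_id="$1" attempt="$2" matrix_json="${3:-}"
  local key="trivy-db-${run_id}_${attempt}"
  local compact

  # Whitespace-stripped copy, used only to detect "no matrix".
  compact=$(printf '%s' "$matrix_json" | tr -d '[:space:]')
  case "$compact" in
    ''|null|'{}')
      # Not a matrix job: keep the default <run_id>_<attempt_id> key.
      printf '%s\n' "$key"
      return 0
      ;;
  esac

  # Matrix job: one key per matrix combination. Every combination creates
  # its own cache entry, which is what counts against the 10GB limit.
  printf '%s_%s\n' "$key" "$(printf '%s' "$matrix_json" | short_hash)"
}

# Stand-alone demo with constructed defaults when run outside GitHub Actions.
trivy_cache_key "${GITHUB_RUN_ID:-100}" "${GITHUB_RUN_ATTEMPT:-1}" "${MATRIX_JSON:-}"
```
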