fix: use aws mirror of trivy db to fix rate limiter issue (#11342) (#11347)

Signed-off-by: Vishal Choudhary <vishal.choudhary@nirmata.com>

.github/workflows/devcontainer-build.yaml

@@ -30,3 +30,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+        env:
+          # Trivy is returning TOOMANYREQUESTS
+          # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'

.github/workflows/images-build.yaml

@@ -39,3 +39,7 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+        env:
+          # Trivy is returning TOOMANYREQUESTS
+          # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'

.github/workflows/images-publish.yaml

@@ -47,6 +47,10 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+        env:
+          # Trivy is returning TOOMANYREQUESTS
+          # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
       - name: Install Cosign
         uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
       - name: Publish kyverno

.github/workflows/release.yaml

@@ -42,6 +42,10 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
+        env:
+          # Trivy is returning TOOMANYREQUESTS
+          # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+          TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
       - name: Install Cosign
         uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
       - name: Publish kyverno

.github/workflows/report-on-vulnerabilities.yaml

@@ -31,14 +31,16 @@ jobs:
     
     - name: Scan for vulnerabilities in latest image
       uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
-
       with: 
         image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
         format: json
         ignore-unfixed: false
         severity: HIGH,CRITICAL
         output: scan1.json
-
+      env:
+        # Trivy is returning TOOMANYREQUESTS
+        # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+        TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
     - name: Scan for vulnerabilities in latest-1 image
       uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
       with: 
@@ -47,7 +49,10 @@ jobs:
         ignore-unfixed: false
         severity: HIGH,CRITICAL
         output: scan2.json
-
+      env:
+        # Trivy is returning TOOMANYREQUESTS
+        # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+        TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
     - name: Scan for vulnerabilities in latest-2 image
       uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
       with: 
@@ -56,7 +61,10 @@ jobs:
         ignore-unfixed: false
         severity: HIGH,CRITICAL
         output: scan3.json
-
+      env:
+        # Trivy is returning TOOMANYREQUESTS
+        # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
+        TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
     - name: Merge scan results
       id: merge-results
       run: |