-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: add usage info about action/cache
for trivy databases
#397
Conversation
action/cache
to trivy-db
action/cache
for trivy-db
How about trivy-java-db? |
I think there is no point in adding an example for each database, but I wrote about |
action/cache
for trivy-db
action/cache
for trivy databases
## Trivy-db uses `0600` permissions. | ||
## But `action/cache` use `runner` user by default | ||
## So we need to change the permissions before caching the database. | ||
- name: change permissions for trivy.db | ||
run: sudo chmod 0644 ./cache/db/trivy.db |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we change perms prior to running Trivy?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there are 2 possible cases:
- cache doesn't contain DB - in this case we will save DB on
Post Restore trivy cache
step (see https://github.com/DmitriyLewen/test-trivy-action/actions/runs/11158340123/job/31014411967). So we can change permissions after Trivy work. - cache contains cache - in this case DB in cache already uses correct permissions.
…curity#397) * docs: add info about using `action/cache` for `trivy-db` * docs: add info about trivy-java-db and trivy-checks
Description
Due to the large number of
TOOMANYREQUESTS
errors - it makes sense to usecache
Add information on how to use
action/cache
Test runs: