From 85dfe553bf44adeb637e7e5d955298cb0ddbf4f7 Mon Sep 17 00:00:00 2001
From: cuttingedge1109 <53085803+cuttingedge1109@users.noreply.github.com>
Date: Wed, 2 Oct 2024 13:00:50 +0200
Subject: [PATCH] feat: make vul db repo configurable
---
 README.md | 1 +
 pipe.yml | 4 ++++
 pipe/pipe.sh | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/README.md b/README.md
index 409c085..e921c23 100644
--- a/README.md
+++ b/README.md
@@ -194,6 +194,7 @@ Following inputs can be used as `step.with` keys:
 | `cacheDir` | String | | Cache directory |
 | `timeout` | String | `2m0s` | Scan timeout duration |
 | `ignorePolicy` | String | | Filter vulnerabilities with OPA rego language |
+| `dbRepository` | String | | vulnerability DB OCI repository |
 [license]: https://github.com/aquasecurity/trivy-pipe/blob/master/LICENSE
diff --git a/pipe.yml b/pipe.yml
index 87e93e8..2b39ca8 100644
--- a/pipe.yml
+++ b/pipe.yml
@@ -68,6 +68,10 @@ variables:
 description: 'hide progress output'
 required: false
 default: true
+ - name: dbRepository
+ description: 'comma separated list of directories where traversal is skipped'
+ required: false
+ default: ''
 respository: https://github.com/aquasecurity/trivy-pipe
 maintainer:
diff --git a/pipe/pipe.sh b/pipe/pipe.sh
index b3c25d5..f6311d8 100644
--- a/pipe/pipe.sh
+++ b/pipe/pipe.sh
@@ -61,6 +61,9 @@ fi
 if [ "$hideProgress" == "true" ];then
 ARGS="$ARGS --no-progress"
 fi
+if [ $dbRepository ];then
+ ARGS="$ARGS --db-repository $dbRepository"
+fi
 echo "Running trivy with options: ${ARGS}" "${artifactRef}"
 echo "Global options: " "${GLOBAL_ARGS}"
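Review bot: The `description` of the new `dbRepository` variable in the pipe.yml hunk reads 'comma separated list of directories where traversal is skipped', which looks copied from a different variable and does not describe this input. A reader of the pipe metadata would not learn that the value selects where the vulnerability database is pulled from, which is a trust decision for every scan result. Suggest `description: 'OCI repository to retrieve the vulnerability DB from'`, in line with the README row added by the same commit, and mention that the empty default leaves `--db-repository` unset.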
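Review bot: The test `[ $dbRepository ]` in the pipe/pipe.sh hunk is unquoted, so a value containing whitespace is word-split and `[` fails or misparses it; use `if [ -n "${dbRepository:-}" ]; then`. The value is then spliced into the `ARGS` string, and if `ARGS` is expanded unquoted where trivy is invoked (that line is outside the hunk) any whitespace in the variable becomes additional trivy arguments. Because this setting decides which registry the vulnerability database comes from, reject malformed values before appending, for example `case "$dbRepository" in *[[:space:]]*) echo "dbRepository must not contain whitespace" >&2; exit 1;; esac`. The existing `echo "Running trivy with options: ${ARGS}"` already records the chosen repository in the build log, which is useful for auditing and worth keeping.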