feat(ci): pass SBOM_CHECK_LOCAL_DB to esp-idf-sbom-action

esp-idf-sbom offers two ways to perform vulnerability scanning. The primary method, which is the default, uses the NVD REST API. The alternative method uses the esp-nvd-mirror repository. If there are issues with accessing the NVD REST API, it can be useful to switch to the esp-nvd-mirror easily. Allow to set the SBOM_CHECK_LOCAL_DB github repository variable to switch to esp-nvd-mirror. Signed-off-by: Frantisek Hrbata <[email protected]>
EliteTK · Nov 26, 2024 · e9cfa83 · e9cfa83
1 parent 874ce4d
commit e9cfa83
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/.github/workflows/vulnerability_scan.yml b/.github/workflows/vulnerability_scan.yml
@@ -27,6 +27,7 @@ jobs:
 
       - name: Vulnerability scan
         env:
+          SBOM_CHECK_LOCAL_DB: ${{ vars.SBOM_CHECK_LOCAL_DB }}
           SBOM_MATTERMOST_WEBHOOK: ${{ secrets.SBOM_MATTERMOST_WEBHOOK }}
           NVDAPIKEY: ${{ secrets.NVDAPIKEY }}
         uses: espressif/esp-idf-sbom-action@master