From e9cfa8398369643c59fef0fefdf5dbbc9103b657 Mon Sep 17 00:00:00 2001
From: Frantisek Hrbata
Date: Tue, 26 Nov 2024 14:37:23 +0100
Subject: [PATCH] feat(ci): pass SBOM_CHECK_LOCAL_DB to esp-idf-sbom-action
esp-idf-sbom offers two ways to perform vulnerability scanning. The primary method, which is the default, uses the NVD REST API. The alternative method uses the esp-nvd-mirror repository. If there are issues with accessing the NVD REST API, it can be useful to switch to the esp-nvd-mirror easily. Allow to set the SBOM_CHECK_LOCAL_DB github repository variable to switch to esp-nvd-mirror.
Signed-off-by: Frantisek Hrbata
---
 .github/workflows/vulnerability_scan.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/vulnerability_scan.yml b/.github/workflows/vulnerability_scan.yml
index fe775576e5a2..2da8cb6450e4 100644
--- a/.github/workflows/vulnerability_scan.yml
+++ b/.github/workflows/vulnerability_scan.yml
@@ -27,6 +27,7 @@ jobs:
 - name: Vulnerability scan
 env:
+ SBOM_CHECK_LOCAL_DB: ${{ vars.SBOM_CHECK_LOCAL_DB }}
 SBOM_MATTERMOST_WEBHOOK: ${{ secrets.SBOM_MATTERMOST_WEBHOOK }}
 NVDAPIKEY: ${{ secrets.NVDAPIKEY }}
 uses: espressif/esp-idf-sbom-action@master
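Review bot: The added `SBOM_CHECK_LOCAL_DB` line in the `Vulnerability scan` step's `env:` carries no comment saying which values the action accepts or what happens when the repository variable is unset, in which case `${{ vars.SBOM_CHECK_LOCAL_DB }}` expands to an empty string. Because this variable decides which vulnerability data source the scan trusts, I would document it directly above the line, e.g. `# Repository variable: when set, scan against esp-nvd-mirror instead of the default NVD REST API.` How esp-idf-sbom-action interprets an empty or unexpected value is not visible in this hunk and should be confirmed before relying on the unset case meaning "use NVD". Separately, the step that receives this setting together with `NVDAPIKEY` and `SBOM_MATTERMOST_WEBHOOK` runs `espressif/esp-idf-sbom-action@master`, a mutable ref; pinning it to a commit SHA would be a worthwhile follow-up. The step definition appears to continue past the end of the hunk.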