From 51f2123c5ccc4f7a37d1068830b6670b4ccf9ac8 Mon Sep 17 00:00:00 2001
From: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Date: Fri, 6 Dec 2024 13:33:58 +0600
Subject: [PATCH] fix: handle `BLOW_UNKNOWN` error to download DBs (#8060)

---
 pkg/oci/artifact.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/pkg/oci/artifact.go b/pkg/oci/artifact.go
index 8ed7dcdad03d..440cbebc0979 100644
--- a/pkg/oci/artifact.go
+++ b/pkg/oci/artifact.go
@@ -262,6 +262,19 @@ func shouldTryOtherRepo(err error) bool {
 		}
 	}
 
-	// try the following artifact only if a temporary error occurs
-	return terr.Temporary()
+	// try the following artifact if a temporary error occurs
+	if terr.Temporary() {
+		return true
+	}
+
+	// `GCR` periodically returns `BLOB_UNKNOWN` error.
+	// cf. https://github.com/aquasecurity/trivy/discussions/8020
+	// In this case we need to check other repositories.
+	for _, e := range terr.Errors {
+		if e.Code == transport.BlobUnknownErrorCode {
+			return true
+		}
+	}
+
+	return false
 }