Update scan-vulns.yaml

binbin-li · Oct 16, 2024 · 7b2b65c · 7b2b65c
1 parent 4567522
commit 7b2b65c
Showing 1 changed file with 8 additions and 11 deletions.
diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml
@@ -37,6 +37,8 @@ jobs:
     name: "[Trivy] Scan for vulnerabilities"
     runs-on: ubuntu-22.04
     timeout-minutes: 15
+    env:
+      TRIVY_VERSION: v0.49.1
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
@@ -50,7 +52,7 @@ jobs:
         uses: aquasecurity/setup-trivy@eadb05c36f891dc855bba00f67174a1e61528cd4 # v0.2.1
         with:
           cache: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}
 
       - name: Run trivy on git repository
         uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
@@ -59,8 +61,7 @@ jobs:
           scan-ref: '.'
           ignore-unfixed: true
           scanners: 'vuln'
-          skip-setup-trivy: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}
 
       - name: Build docker images
         run: |
@@ -73,17 +74,15 @@ jobs:
           scan-type: 'image'
           image-ref: 'localbuild:test'
           ignore-unfixed: true
-          skip-setup-trivy: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}
 
       - name: Run Trivy vulnerability scanner on localbuildcrd:test
         uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
         with:
           scan-type: 'image'
           image-ref: 'localbuildcrd:test'
           ignore-unfixed: true
-          skip-setup-trivy: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}
 
       - name: Run Trivy vulnerability scanner on localbuild:test and exit on HIGH severity
         uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
@@ -93,8 +92,7 @@ jobs:
           ignore-unfixed: true
           severity: 'HIGH,CRITICAL'
           exit-code: '1'
-          skip-setup-trivy: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}
 
       - name: Run Trivy vulnerability scanner on localbuildcrd:test and exit on HIGH severity
         uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
@@ -104,5 +102,4 @@ jobs:
           ignore-unfixed: true
           severity: 'HIGH,CRITICAL'
           exit-code: '1'
-          skip-setup-trivy: true
-          version: v0.49.1
+          version: ${{ env.TRIVY_VERSION }}