Skip to content

Commit

Permalink
Update scan-vulns.yaml
Browse files Browse the repository at this point in the history
  • Loading branch information
@binbin-li
binbin-li authored Oct 15, 2024
1 parent ec2ee9e commit a618aab
Showing 1 changed file with 0 additions and 7 deletions.
7 changes: 0 additions & 7 deletions .github/workflows/scan-vulns.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@ jobs:
name: "[Trivy] Scan for vulnerabilities"
runs-on: ubuntu-22.04
timeout-minutes: 15
env:
TRIVY_VERSION: "0.46.0"
steps:
- name: Harden Runner
uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
Expand All @@ -55,7 +53,6 @@ jobs:
scan-ref: '.'
ignore-unfixed: true
scanners: 'vuln'
version: ${{ env.TRIVY_VERSION }}

- name: Build docker images
run: |
Expand All @@ -68,15 +65,13 @@ jobs:
scan-type: 'image'
image-ref: 'localbuild:test'
ignore-unfixed: true
version: ${{ env.TRIVY_VERSION }}

- name: Run Trivy vulnerability scanner on localbuildcrd:test
uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
with:
scan-type: 'image'
image-ref: 'localbuildcrd:test'
ignore-unfixed: true
version: ${{ env.TRIVY_VERSION }}

- name: Run Trivy vulnerability scanner on localbuild:test and exit on HIGH severity
uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
Expand All @@ -86,7 +81,6 @@ jobs:
ignore-unfixed: true
severity: 'HIGH,CRITICAL'
exit-code: '1'
version: ${{ env.TRIVY_VERSION }}

- name: Run Trivy vulnerability scanner on localbuildcrd:test and exit on HIGH severity
uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # 0.27.0
Expand All @@ -96,4 +90,3 @@ jobs:
ignore-unfixed: true
severity: 'HIGH,CRITICAL'
exit-code: '1'
version: ${{ env.TRIVY_VERSION }}

0 comments on commit a618aab

Please sign in to comment.