
Commit

This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update scan-vulns.yaml
binbin-li authored Nov 6, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 76bff17 commit d4aa361
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/scan-vulns.yaml
@@ -57,7 +57,7 @@ jobs:
- name: Run trivy on git repository
run: |
trivy fs --skip-db-update --cache-dir $GITHUB_WORKSPACE/.cache/trivy/ --format table --ignore-unfixed --scanners vuln .
trivy fs --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --format table --ignore-unfixed --scanners vuln .
- name: Build docker images
run: |
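Review bot: In the `trivy fs` line, `${{ github.workspace }}` is substituted into the script text before the shell runs and is left unquoted, so a workspace path containing spaces or shell metacharacters would be split or reinterpreted by the shell. Suggest quoting the argument, `--cache-dir "${{ github.workspace }}/.cache/trivy/"`, or keeping the shell variable in quoted form, `"$GITHUB_WORKSPACE/.cache/trivy/"`. The commit message, "Update scan-vulns.yaml", gives no reason for replacing `$GITHUB_WORKSPACE`; please state which behaviour difference the change relies on so a later cleanup does not revert it.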
@@ -66,10 +66,10 @@ jobs:
- name: Run trivy on images for all severity
run: |
for img in "localbuild:test" "localbuildcrd:test"; do
trivy image --skip-db-update --cache-dir $GITHUB_WORKSPACE/.cache/trivy/ --ignore-unfixed --vuln-type="os,library" "${img}"
trivy image --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --ignore-unfixed --vuln-type="os,library" "${img}"
done
- name: Run trivy on images and exit on HIGH/CRITICAL severity
run: |
for img in "localbuild:test" "localbuildcrd:test"; do
trivy image --skip-db-update --cache-dir $GITHUB_WORKSPACE/.cache/trivy/ --ignore-unfixed --exit-code 1 --severity HIGH,CRITICAL --vuln-type="os,library" "${img}"
done
trivy image --skip-db-update --cache-dir ${{ github.workspace }}/.cache/trivy/ --ignore-unfixed --exit-code 1 --severity HIGH,CRITICAL --vuln-type="os,library" "${img}"
done
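Review bot: The argument `--cache-dir ${{ github.workspace }}/.cache/trivy/` is now repeated in both `trivy image` loops as well as in the `trivy fs` step, so any future change to the cache path needs three edits that must stay in sync; define the path once, for example in a job-level `env:` entry, and reference it quoted in each command. Separately, the closing `done` of the last loop appears as removed and re-added with identical text, which looks like a whitespace or end-of-file newline change; confirm it is intentional or drop it from the commit.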
