From 314d46e5193277c20a59a8ec05afe1e1023706af Mon Sep 17 00:00:00 2001
From: "huish@microsoft.com"
Date: Fri, 31 May 2024 02:05:31 +0000
Subject: [PATCH] fail critical
---
 .github/workflows/scan-vulns.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml
index e7ecf02aa..e63e4252f 100644
--- a/.github/workflows/scan-vulns.yaml
+++ b/.github/workflows/scan-vulns.yaml
@@ -66,8 +66,8 @@ jobs:
 for img in "localbuild:test" "localbuildcrd:test"; do
 trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
 done
- - name: Run trivy on images and exit on medium severity
+ - name: Run trivy on images and exit on CRITICAL severity
 run: |
 for img in "localbuild:test" "localbuildcrd:test"; do
- trivy image --ignore-unfixed --exit-code 1 --severity MEDIUM --vuln-type="os,library" "${img}"
+ trivy image --ignore-unfixed --exit-code 1 --severity CRITICAL --vuln-type="os,library" "${img}"
 done
\ No newline at end of file
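Review bot: With `--severity CRITICAL` on the gating `trivy image` line, HIGH findings that already have a fix no longer fail the job, because Trivy treats `--severity` as a list of severities to match rather than a minimum threshold. The same reading means the previous `--severity MEDIUM` gate only ever failed on MEDIUM findings, so HIGH has not been gated before or after this change. If the intent is to block on the most serious fixable issues, `--severity HIGH,CRITICAL` on that line would do it, with accepted exceptions recorded in a `.trivyignore` file. A short comment above the step stating which severities block a merge and why would keep the policy from drifting silently.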