fail on med

ratify-project · May 31, 2024 · 64c2315 · 64c2315
1 parent a01b605
commit 64c2315
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.github/workflows/scan-vulns.yaml b/.github/workflows/scan-vulns.yaml
@@ -61,8 +61,13 @@ jobs:
         run: |
           make e2e-build-local-ratify-image
           make e2e-build-crd-image
-      - name: Run trivy on images
+      - name: Run trivy on images for all severity
         run: |
           for img in "localbuild:test" "localbuildcrd:test"; do
               trivy image --ignore-unfixed --vuln-type="os,library" "${img}"
+          done
+      - name: Run trivy on images and exit on medium severity
+        run: |
+          for img in "localbuild:test" "localbuildcrd:test"; do
+              trivy image --ignore-unfixed --exit-code 1 --severity MEDIUM --vuln-type="os,library" "${img}"
           done