Update vulnerability_scanning.yml

superduper-io · Jan 20, 2025 · 81f83c1 · 81f83c1
1 parent 2ac3edf
commit 81f83c1
Showing 1 changed file with 2 additions and 15 deletions.
diff --git a/.github/workflows/vulnerability_scanning.yml b/.github/workflows/vulnerability_scanning.yml
@@ -28,9 +28,8 @@ jobs:
       - name: Run Trivy Scan
         uses: aquasecurity/[email protected]
         with:
-          scan-type: filesystem
+          scan-type: "fs"
           scan-ref: .
-          path: .
           severity: CRITICAL,HIGH
           ignore-unfixed: true
           exit-code: 1
@@ -41,17 +40,5 @@ jobs:
         uses: actions/upload-artifact@v4
         with:
           name: trivy-report
-          path: trivy-report.json
+          path: trivy-report.sarif
           retention-days: 30
-
-      - name: Fail build on High/Criticial Vulnerabilities
-        uses: aquasecurity/trivy-action@master
-        with:
-          scan-type: "fs"
-          format: table
-          scan-ref: .
-          severity: HIGH,CRITICAL
-          ignore-unfixed: true
-          exit-code: 1
-          # On a subsequent call to the action we know trivy is already installed so can skip this
-          skip-setup-trivy: true