fix(ci): disable trivy-scan-repo

2021-05-10 17:01:10 -07:00 · 2021-05-10 17:01:10 -07:00 · 510ff9c9f8
commit 510ff9c9f8
parent 3df771fbc4
1 changed files with 18 additions and 18 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -461,30 +461,30 @@ jobs:
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: "trivy-image-results.sarif"
  # We have to use two trivy jobs
  # because GitHub only allows
  # codeql/upload-sarif action per job
  trivy-scan-repo:
    runs-on: ubuntu-20.04
-
+    # NOTE@jsjoeio 5/10/2021
    # Disabling until fixed upstream
    # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
    if: "1 == 2"
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
+  Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+    uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
-        with:
+    with:
-          scan-type: "fs"
+      scan-type: "fs"
-          scan-ref: "."
+      scan-ref: "."
-          ignore-unfixed: true
+      ignore-unfixed: true
-          format: "template"
+      format: "template"
-          template: "@/contrib/sarif.tpl"
+      template: "@/contrib/sarif.tpl"
-          output: "trivy-repo-results.sarif"
+      output: "trivy-repo-results.sarif"
-          severity: "HIGH,CRITICAL"
+      severity: "HIGH,CRITICAL"
-
+  - name: Upload Trivy scan results to GitHub Security tab
-      - name: Upload Trivy scan results to GitHub Security tab
+    uses: github/codeql-action/upload-sarif@v1
-        uses: github/codeql-action/upload-sarif@v1
+    with:
-        with:
+      sarif_file: "trivy-repo-results.sarif"
          sarif_file: "trivy-repo-results.sarif"