fix(ci): disable trivy-scan-repo
This commit is contained in:
parent
3df771fbc4
commit
510ff9c9f8
36
.github/workflows/ci.yaml
vendored
36
.github/workflows/ci.yaml
vendored
@ -461,30 +461,30 @@ jobs:
|
|||||||
uses: github/codeql-action/upload-sarif@v1
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
with:
|
with:
|
||||||
sarif_file: "trivy-image-results.sarif"
|
sarif_file: "trivy-image-results.sarif"
|
||||||
|
|
||||||
# We have to use two trivy jobs
|
# We have to use two trivy jobs
|
||||||
# because GitHub only allows
|
# because GitHub only allows
|
||||||
# codeql/upload-sarif action per job
|
# codeql/upload-sarif action per job
|
||||||
trivy-scan-repo:
|
trivy-scan-repo:
|
||||||
runs-on: ubuntu-20.04
|
runs-on: ubuntu-20.04
|
||||||
|
# NOTE@jsjoeio 5/10/2021
|
||||||
|
# Disabling until fixed upstream
|
||||||
|
# See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
|
||||||
|
if: "1 == 2"
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout code
|
- name: Checkout code
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Run Trivy vulnerability scanner in repo mode
|
- name: Run Trivy vulnerability scanner in repo mode
|
||||||
# Commit SHA for v0.0.14
|
Commit SHA for v0.0.14
|
||||||
uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
|
uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
|
||||||
with:
|
with:
|
||||||
scan-type: "fs"
|
scan-type: "fs"
|
||||||
scan-ref: "."
|
scan-ref: "."
|
||||||
ignore-unfixed: true
|
ignore-unfixed: true
|
||||||
format: "template"
|
format: "template"
|
||||||
template: "@/contrib/sarif.tpl"
|
template: "@/contrib/sarif.tpl"
|
||||||
output: "trivy-repo-results.sarif"
|
output: "trivy-repo-results.sarif"
|
||||||
severity: "HIGH,CRITICAL"
|
severity: "HIGH,CRITICAL"
|
||||||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
- name: Upload Trivy scan results to GitHub Security tab
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
uses: github/codeql-action/upload-sarif@v1
|
with:
|
||||||
with:
|
sarif_file: "trivy-repo-results.sarif"
|
||||||
sarif_file: "trivy-repo-results.sarif"
|
|
||||||
|
Loading…
Reference in New Issue
Block a user