Merge pull request #3341 from cdr/jsjoeio/disable-trivy

fix(ci): disable trivy-scan-repo
2021-05-11 10:30:17 -07:00 · 2021-05-11 10:30:17 -07:00 · 6d7f329001
commit 6d7f329001
parent 3df771fbc4 510ff9c9f8
1 changed files with 18 additions and 18 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -461,30 +461,30 @@ jobs:
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: "trivy-image-results.sarif"
-
  # We have to use two trivy jobs
  # because GitHub only allows
  # codeql/upload-sarif action per job
  trivy-scan-repo:
    runs-on: ubuntu-20.04
-
+    # NOTE@jsjoeio 5/10/2021
+    # Disabling until fixed upstream
+    # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
+    if: "1 == 2"
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
-
      - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
-        with:
-          scan-type: "fs"
-          scan-ref: "."
-          ignore-unfixed: true
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-repo-results.sarif"
-          severity: "HIGH,CRITICAL"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
-        with:
-          sarif_file: "trivy-repo-results.sarif"
+  Commit SHA for v0.0.14
+    uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+    with:
+      scan-type: "fs"
+      scan-ref: "."
+      ignore-unfixed: true
+      format: "template"
+      template: "@/contrib/sarif.tpl"
+      output: "trivy-repo-results.sarif"
+      severity: "HIGH,CRITICAL"
+  - name: Upload Trivy scan results to GitHub Security tab
+    uses: github/codeql-action/upload-sarif@v1
+    with:
+      sarif_file: "trivy-repo-results.sarif"