From 510ff9c9f82f61f5785b188d41c486052efae6a2 Mon Sep 17 00:00:00 2001 From: Joe Previte Date: Mon, 10 May 2021 17:01:10 -0700 Subject: [PATCH] fix(ci): disable trivy-scan-repo --- .github/workflows/ci.yaml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 682340a3..eae71b1e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -461,30 +461,30 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: "trivy-image-results.sarif" - # We have to use two trivy jobs # because GitHub only allows # codeql/upload-sarif action per job trivy-scan-repo: runs-on: ubuntu-20.04 - + # NOTE@jsjoeio 5/10/2021 + # Disabling until fixed upstream + # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084 + if: "1 == 2" steps: - name: Checkout code uses: actions/checkout@v2 - - name: Run Trivy vulnerability scanner in repo mode - # Commit SHA for v0.0.14 - uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e - with: - scan-type: "fs" - scan-ref: "." - ignore-unfixed: true - format: "template" - template: "@/contrib/sarif.tpl" - output: "trivy-repo-results.sarif" - severity: "HIGH,CRITICAL" - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: "trivy-repo-results.sarif" + Commit SHA for v0.0.14 + uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e + with: + scan-type: "fs" + scan-ref: "." + ignore-unfixed: true + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-repo-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-repo-results.sarif"
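Review bot: The re-added line `Commit SHA for v0.0.14` under the "Run Trivy vulnerability scanner in repo mode" step has lost its leading `#`. Indentation is not visible on this page, so it either folds into the step's `name:` scalar or makes the workflow unparsable, and it should be restored as `# Commit SHA for v0.0.14`. The other re-added step lines match the removed ones word for word, so they apparently differ only in whitespace, and the file is worth re-validating to confirm the steps still nest under `steps:`. The guard `if: "1 == 2"` works only because GitHub evaluates the bare string as an expression, and `if: ${{ false }}` states the intent directly. With this job skipped, HIGH/CRITICAL findings from the filesystem scan stop reaching the Security tab, so the NOTE should also state the condition for re-enabling it, for example the trivy-action release that resolves the linked issue.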