Merge pull request #3341 from cdr/jsjoeio/disable-trivy

fix(ci): disable trivy-scan-repo
This commit is contained in:
Joe Previte 2021-05-11 10:30:17 -07:00 committed by GitHub
commit 6d7f329001
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 18 deletions

View File

@ -461,30 +461,30 @@ jobs:
uses: github/codeql-action/upload-sarif@v1 uses: github/codeql-action/upload-sarif@v1
with: with:
sarif_file: "trivy-image-results.sarif" sarif_file: "trivy-image-results.sarif"
# We have to use two trivy jobs # We have to use two trivy jobs
# because GitHub only allows # because GitHub only allows
# codeql/upload-sarif action per job # codeql/upload-sarif action per job
trivy-scan-repo: trivy-scan-repo:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
# NOTE@jsjoeio 5/10/2021
# Disabling until fixed upstream
# See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
if: "1 == 2"
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Run Trivy vulnerability scanner in repo mode - name: Run Trivy vulnerability scanner in repo mode
# Commit SHA for v0.0.14 Commit SHA for v0.0.14
uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
with: with:
scan-type: "fs" scan-type: "fs"
scan-ref: "." scan-ref: "."
ignore-unfixed: true ignore-unfixed: true
format: "template" format: "template"
template: "@/contrib/sarif.tpl" template: "@/contrib/sarif.tpl"
output: "trivy-repo-results.sarif" output: "trivy-repo-results.sarif"
severity: "HIGH,CRITICAL" severity: "HIGH,CRITICAL"
- name: Upload Trivy scan results to GitHub Security tab
- name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v1
uses: github/codeql-action/upload-sarif@v1 with:
with: sarif_file: "trivy-repo-results.sarif"
sarif_file: "trivy-repo-results.sarif"