Skip to content

Commit

Permalink
Update trivy-scan.yml
Browse files Browse the repository at this point in the history
  • Loading branch information
@onobc
onobc authored Dec 11, 2023
1 parent 91bfd89 commit 990608c
Showing 1 changed file with 8 additions and 7 deletions.
15 changes: 8 additions & 7 deletions .github/workflows/trivy-scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ jobs:
name: Run Trivy Scan
runs-on: ubuntu-latest
steps:

- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Build
Expand All @@ -16,22 +17,22 @@ jobs:
curdir=$(pwd)
mkdir $curdir/maven-repo-local
./gradlew --info -Dmaven.repo.local=$curdir/maven-repo-local pTML
- name: Run Trivy scan in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '/github/workspace/maven-repo-local/org/springframework/pulsar'
format: 'json'
output: trivy-results.json
exit-code: '1'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH,MEDIUM'
scan-ref: './maven-repo-local/org/springframework/pulsar'
trivy-config: trivy.yaml
format: 'json'
output: 'trivy-results.json'
severity: 'CRITICAL'

- name: Output Trivy scan results
if: always()
run: |
cat trivy-results.json
- name: Upload Trivy scan results
uses: actions/upload-artifact@v3
if: always()
Expand Down

0 comments on commit 990608c

Please sign in to comment.