fix jq to be specific to os vulns

Signed-off-by: Sertac Ozercan <[email protected]>
project-copacetic · Jan 16, 2024 · 2e7b5d6 · 2e7b5d6
1 parent a4eed11
commit 2e7b5d6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -55,7 +55,7 @@ jobs:
           id: vuln_count
           run: |
             report_file="report.json"
-            vuln_count=$(jq '.Results | length' "$report_file")
+            vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]] | length' "$report_file")
             echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT
 
         - name: Copa Action

diff --git a/test/test.bats b/test/test.bats
@@ -15,6 +15,6 @@ teardown_file() {
 @test "Run trivy on patched image" {
     run trivy image --exit-code 1 --vuln-type os --ignore-unfixed -f json -o nginx.1.21.6-patched.json 'docker.io/library/nginx:1.21.6-patched'
     [ "$status" -eq 0 ]
-    vulns=$(jq '.Results[0].Vulnerabilities | length' nginx.1.21.6-patched.json)
+    vulns=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]] | length' nginx.1.21.6-patched.json)
     assert_equal "$vulns" "0"
 }