From 9c120509d30b8d478d7cc40fb2ce94b7fe959696 Mon Sep 17 00:00:00 2001
From: Sertac Ozercan
Date: Tue, 16 Jan 2024 20:13:33 +0000
Subject: [PATCH] update jq

Signed-off-by: Sertac Ozercan
---
 .github/workflows/test.yaml | 2 +-
 README.md | 2 +-
 test/test.bats | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 7fcde3a..66198aa 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -32,7 +32,7 @@ jobs:
 id: vuln_count
 run: |
 report_file="report.json"
- vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]] | length' "$report_file")
+ vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs" and .Vulnerabilities!=null) | .Vulnerabilities[]] | length' "$report_file")
 echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT

 # copa action will only run if there are vulnerabilities
diff --git a/README.md b/README.md
index bab854b..3786eee 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ jobs:
 id: vuln_count
 run: |
 report_file="report.json"
- vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]] | length' "$report_file")
+ vuln_count=$(jq '[.Results[] | select(.Class=="os-pkgs" and .Vulnerabilities!=null) | .Vulnerabilities[]] | length' "$report_file")
 echo "vuln_count=$vuln_count" >> $GITHUB_OUTPUT

 # copa action will only run if there are vulnerabilities
diff --git a/test/test.bats b/test/test.bats
index 511f2ab..5c3e741 100755
--- a/test/test.bats
+++ b/test/test.bats
@@ -15,6 +15,6 @@ teardown_file() {
 @test "Run trivy on patched image" {
 run trivy image --exit-code 1 --vuln-type os --ignore-unfixed -f json -o nginx.1.21.6-patched.json 'docker.io/library/nginx:1.21.6-patched'
 [ "$status" -eq 0 ]
- vulns=$(jq '[.Results[] | select(.Class=="os-pkgs") | .Vulnerabilities[]] | length' nginx.1.21.6-patched.json)
+ vulns=$(jq '[.Results[] | select(.Class=="os-pkgs" and .Vulnerabilities!=null) | .Vulnerabilities[]] | length' nginx.1.21.6-patched.json)
 assert_equal "$vulns" "0"
 }
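Review bot: The `assert_equal "$vulns" "0"` check passes vacuously when the report holds no `os-pkgs` result at all, because the filter then builds an empty array and `length` is 0, the same value a fully patched image gives. A patched image whose package database Trivy can no longer read would presumably produce exactly that report, so the test should first assert that OS packages were scanned, e.g. `run jq -e 'any(.Results[]; .Class=="os-pkgs")' nginx.1.21.6-patched.json` followed by `[ "$status" -eq 0 ]`. The same filter in the `.github/workflows/test.yaml` hunk feeds the `vuln_count` output that gates the patch step, so there too a report without OS-package results is read as "nothing to patch".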