Tweak runners, Trivy setup.

ukwa · Nov 16, 2023 · 3fe4191 · 3fe4191
1 parent eff833b
commit 3fe4191
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/.github/workflows/deploy-beta-swarm.yml b/.github/workflows/deploy-beta-swarm.yml
@@ -1,9 +1,10 @@
 name: Deploy UKWA BETA Services
 
-on:
-  push:
-    branches:
-      - master
+# Switching this off as no runners at present
+#on:
+#  push:
+#    branches:
+#      - master
 
 jobs:
   test-job:

diff --git a/.github/workflows/push-to-docker-hub.yml b/.github/workflows/push-to-docker-hub.yml
@@ -55,13 +55,23 @@ jobs:
           load: true
           tags: ${{ env.TEST_TAG }}
 
+      - name: Run Trivy vulnerability scanner, logging to console
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: '${{ env.TEST_TAG }}'
+          format: 'table'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+          timeout: '30m'
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: '${{ env.TEST_TAG }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
-          exit-code: 1
+          #exit-code: '1' This seems to be causing problems at present, failing even when there are no problems
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'HIGH,CRITICAL'