Skip to content

Commit

Permalink
update trivy scan for gen spdx.json file
Browse files Browse the repository at this point in the history
  • Loading branch information
yunchu committed Mar 29, 2024
1 parent f9f8078 commit c318a7f
Show file tree
Hide file tree
Showing 3 changed files with 16 additions and 3 deletions.
File renamed without changes.
6 changes: 6 additions & 0 deletions .ci/trivy-spdx-json.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
ignore-policy: ""
ignorefile: .trivyignore
format: spdx-json
output: trivy-results.spdx.json
list-all-pkgs: true
debug: true
13 changes: 10 additions & 3 deletions .github/workflows/code_scan.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -27,18 +27,25 @@ jobs:
run: python -m pip install --require-hashes --no-deps -r .ci/piptools-deps.txt
- name: Freeze dependencies
run: pip-compile --extra=docs,base,mmlab,anomaly -o requirements.txt pyproject.toml
- name: Trivy Scanning
- name: Trivy Scanning (csv)
uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
with:
trivy-config: ".ci/trivy.yaml"
trivy-config: ".ci/trivy-csv.yaml"
scan-type: "fs"
scan-ref: .
scanners: vuln,secret
- name: Trivy Scanning (spdx.json)
uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
with:
trivy-config: ".ci/trivy-spdx-json.yaml"
scan-type: "fs"
scan-ref: .
scanners: vuln,secret
- name: Upload Trivy results artifact
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: trivy-results
path: "${{ github.workspace }}/trivy-results.csv"
path: "${{ github.workspace }}/trivy-results.*"
Bandit:
runs-on: ubuntu-latest
steps:
Expand Down

0 comments on commit c318a7f

Please sign in to comment.