Update Trivy job to use custom SARIF template and exit code

secmon-lab · Nov 2, 2024 · f0583ca · f0583ca
1 parent 42154af
commit f0583ca
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -25,9 +25,12 @@ jobs:
         with:
           scan-type: "fs"
           ignore-unfixed: true
-          format: "sarif"
+          format: "template"
+          template: "@/contrib/sarif.tpl"
           output: "trivy-results.sarif"
-          exit-code: 0
+          exit-code: 1
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
 
       - name: Upload Trivy scan results to GitHub Security tab
         if: failure() && steps.scan.outcome == 'failure'