Skip to content

Commit

Permalink
Tweak runners, Trivy setup.
Browse files Browse the repository at this point in the history
  • Loading branch information
anjackson committed Nov 16, 2023
1 parent eff833b commit 3fe4191
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
9 changes: 5 additions & 4 deletions .github/workflows/deploy-beta-swarm.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
name: Deploy UKWA BETA Services

on:
push:
branches:
- master
# Switching this off as no runners at present
#on:
# push:
# branches:
# - master

jobs:
test-job:
Expand Down
12 changes: 11 additions & 1 deletion .github/workflows/push-to-docker-hub.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,13 +55,23 @@ jobs:
load: true
tags: ${{ env.TEST_TAG }}

- name: Run Trivy vulnerability scanner, logging to console
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.TEST_TAG }}'
format: 'table'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
timeout: '30m'

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ env.TEST_TAG }}'
format: 'sarif'
output: 'trivy-results.sarif'
exit-code: 1
#exit-code: '1' This seems to be causing problems at present, failing even when there are no problems
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'HIGH,CRITICAL'
Expand Down

0 comments on commit 3fe4191

Please sign in to comment.