
Commit

Merge pull request #4463 from GSA-TTS/main
jadudm authored Nov 16, 2024
2 parents eaaf1fa + 6a1667a commit b20ce4f
Showing 4 changed files with 156 additions and 167 deletions.
22 changes: 20 additions & 2 deletions .github/workflows/pull-containers-and-push-to-ghcr.yml
Expand Up @@ -33,8 +33,26 @@ jobs:
- name: Pull Docker Image
run: docker pull ${{ matrix.image.name }}

- name: Scan Image
run: docker run aquasec/trivy:latest image --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
TRIVY_SKIP_DB_UPDATE: true
TRIVY_SKIP_JAVA_DB_UPDATE: true
TRIVY_DISABLE_VEX_NOTICE: true
with:
image-ref: '${{ matrix.image.name }}'
scan-type: 'image'
hide-progress: false
exit-code: 1
severity: 'CRITICAL,HIGH'
scanners: 'vuln'
timeout: 15m0s
ignore-unfixed: true

# - name: Scan Image
# run: docker run aquasec/trivy:latest image --db-repository public.ecr.aws/aquasecurity/trivy-db,ghcr.io/aquasecurity/trivy-db --java-db-repository public.ecr.aws/aquasecurity/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db --timeout 5m --scanners vuln --exit-code 1 --severity CRITICAL,HIGH ${{ matrix.image.name }}

- name: Tag Image
run: |
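Review bot: `TRIVY_SKIP_DB_UPDATE: true` and `TRIVY_SKIP_JAVA_DB_UPDATE: true` in the new step's `env:` block tell Trivy not to download its vulnerability databases, so the two `*_DB_REPOSITORY` mirror settings directly above them are never used and the scan depends on a database already being present on the runner. No step visible in this hunk restores or refreshes one, so the scan will either fail for lack of a database or pass against stale data. Either drop the two skip flags so the mirrors are actually pulled, or add a comment pointing to the job that populates the cache and how often it runs. Separately, `ignore-unfixed: true` was not part of the old `docker run` command; it means a CRITICAL or HIGH finding without an upstream fix no longer trips `exit-code: 1`, which is a change to the gate worth stating in the commit message. The commented-out `Scan Image` step at the end of the hunk should be deleted rather than kept, since version control already holds the old form.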