[main.yml] Bypass trivy scanning (#556)

wri · Oct 17, 2024 · c892126 · c892126
1 parent 577f56d
commit c892126
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -9,6 +9,7 @@ on:
 env:
   PROJECT_NAME: wri-odp
   BRANCH_NAME: dev
+  ENABLE_TRIVY_SCANNING: false
 permissions:
   id-token: write
   contents: read
@@ -172,6 +173,7 @@ jobs:
         run: docker compose -f docker-compose.test.yml --env-file .env.example exec -T ckan-dev /bin/bash -c "/srv/app/run_unit_tests.sh"
         working-directory: ./ckan-backend-dev
       - name: Run Trivy Vulnerability Scanner for CKAN Container 🧪
+        if: ${{ env.ENABLE_TRIVY_SCANNING == 'true' }}
         uses: aquasecurity/trivy-action@master
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
@@ -185,6 +187,7 @@ jobs:
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
       - name: Run Trivy Vulnerability Scanner for Frontend Container 🧪
+        if: ${{ env.ENABLE_TRIVY_SCANNING == 'true' }}
         uses: aquasecurity/trivy-action@master
         env:
           REGISTRY: ${{ steps.login-ecr.outputs.registry }}
@@ -198,10 +201,12 @@ jobs:
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
       - name: Upload CKAN container Trivy scan results to GitHub Code scanning
+        if: ${{ env.ENABLE_TRIVY_SCANNING == 'true' }}
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ckan-trivy-results.sarif
       - name: Upload Frontend container Trivy scan results to GitHub Code scanning
+        if: ${{ env.ENABLE_TRIVY_SCANNING == 'true' }}
         uses: github/codeql-action/upload-sarif@v3
         with:
           category: frontend_container_trivy_results