lingwei.kong/hawkbit
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

Adds .trivyignore and use it in the scan (#1520)

Browse Source 
Signed-off-by: Marinov Avgustin <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2023-12-15 14:08:50 +02:00
committed by GitHub
parent ba648cae0e
commit afd9f24d71
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/trivy-scan.yml vendored
View File

@@ -32,7 +32,8 @@ jobs:
mvn clean install -DskipTests && \
cd hawkbit-runtime/docker/docker_build && \
chmod +x build_all_dev.sh && \
./build_all_dev.sh
./build_all_dev.sh && \
cd ../../..
- name: Determine most recent Trivy version
run: |
@@ -48,7 +49,7 @@ jobs:
mkdir -p scans/eclipse/hawkbit
for IMAGE in $(docker image ls --format "{{.Repository}}:{{.Tag}}" "hawkbit/hawkbit-*:latest"); do
echo "Scanning image ${IMAGE} ..."
./trivy image "${IMAGE}" --ignore-unfixed --severity HIGH,CRITICAL --vuln-type library --output "scans/eclipse/$IMAGE.sarif" --format sarif
./trivy image "${IMAGE}" --ignore-unfixed --ignorefile .github/workflows/.trivyignore --severity HIGH,CRITICAL --vuln-type library --output "scans/eclipse/$IMAGE.sarif" --format sarif
done
- name: Upload Docker image scan results to GitHub Security tab