Skip to content

fix trivy error on vulnerability testing #962

fix trivy error on vulnerability testing

fix trivy error on vulnerability testing #962

Workflow file for this run

name: Check vulnerabilities
on:
push:
paths-ignore:
- '**.md'
pull_request:
branches:
- master
paths-ignore:
- '!**.md'
release:
types:
- released
jobs:
vulnerabilities:
runs-on: ubuntu-22.04
defaults:
run:
working-directory: .
steps:
- name: Checkout pygeoapi
uses: actions/checkout@master
- name: Scan vulnerabilities with trivy
uses: aquasecurity/trivy-action@master
with:
scan-type: fs
exit-code: 1
ignore-unfixed: true
severity: CRITICAL,HIGH
scanners: vuln,misconfig,secret
scan-ref: .
- name: Build locally the image from Dockerfile
run: |
docker buildx build -t ${{ github.repository }}:${{ github.sha }} --platform linux/amd64 --no-cache -f Dockerfile .
- name: Scan locally built Docker image for vulnerabilities with trivy
uses: aquasecurity/trivy-action@master
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
with:
scan-type: image
exit-code: 1
ignore-unfixed: true
severity: CRITICAL,HIGH
vuln-type: os,library
image-ref: '${{ github.repository }}:${{ github.sha }}'