From 03fe6659cb7ef427aedf8f5ce14db12fa197644d Mon Sep 17 00:00:00 2001
From: DaMandal0rian
Date: Sat, 21 Dec 2024 13:59:09 +0300
Subject: [PATCH] test trivy fix

---
 .github/workflows/trivy-security-scan.yml | 95 ++++++++++++-----------
 1 file changed, 49 insertions(+), 46 deletions(-)

diff --git a/.github/workflows/trivy-security-scan.yml b/.github/workflows/trivy-security-scan.yml
index fcb51baefd..09411879a6 100644
--- a/.github/workflows/trivy-security-scan.yml
+++ b/.github/workflows/trivy-security-scan.yml
@@ -6,8 +6,11 @@
 name: trivy-security-scan
 
 on:
-  repository_dispatch:
-    types: [trivy-scan-dispatch]
+  push:
+    branches:
+      - 'bump-trivy-fix'
+  # repository_dispatch:
+  #   types: [trivy-scan-dispatch]
 
 jobs:
   trivy_scan:
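Review bot: The `on:` block now fires only on pushes to `bump-trivy-fix`, and the `repository_dispatch` trigger that presumably drives the scheduled image scans is commented out, so once this branch is merged and deleted the security scan never runs again. The subject says this is a test, so the trigger should be restored before merge; a way to exercise the workflow without losing the production trigger is to keep the original `repository_dispatch:` / `types: [trivy-scan-dispatch]` lines and add `workflow_dispatch:` beside them under `on:`. If the push trigger is kept on purpose, a comment such as `# temporary: push trigger for testing the trivy fix, revert before merge` would stop it being merged by accident.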
@@ -21,59 +24,59 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       # Image availability check with retry logic
-      - name: Check Docker image availability with retry
-        id: check-image
-        if: github.event.client_payload.image != ''
-        run: |
-          image="${{ github.event.client_payload.image }}"
-          interval=300
-          retry_limit=5
-          attempt=0
+      # - name: Check Docker image availability with retry
+      #   id: check-image
+      #   if: github.event.client_payload.image != ''
+      #   run: |
+      #     image="${{ github.event.client_payload.image }}"
+      #     interval=300
+      #     retry_limit=5
+      #     attempt=0
 
-          while ! docker pull $image; do
-            attempt=$((attempt + 1))
-            if [ "$attempt" -gt "$retry_limit" ]; then
-              echo "::error::Image $image is not available after $retry_limit attempts."
-              exit 1
-            fi
+      #     while ! docker pull $image; do
+      #       attempt=$((attempt + 1))
+      #       if [ "$attempt" -gt "$retry_limit" ]; then
+      #         echo "::error::Image $image is not available after $retry_limit attempts."
+      #         exit 1
+      #       fi
 
-            echo "Waiting for $image to be available. Attempt $attempt/$retry_limit. Retrying in $interval seconds..."
-            sleep $interval
-          done
+      #       echo "Waiting for $image to be available. Attempt $attempt/$retry_limit. Retrying in $interval seconds..."
+      #       sleep $interval
+      #     done
 
-          echo "Image $image is now available."
+      #     echo "Image $image is now available."
 
       # Image scanning
-      - name: Run Trivy vulnerability scanner on image
-        if: github.event.client_payload.image != ''
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
-        with:
-          version: 'v0.57.2'
-          image-ref: ${{ github.event.client_payload.image }}
-          cache: 'true'
-          format: "sarif"
-          output: "trivy-image-results.sarif"
-          exit-code: "1"
-          ignore-unfixed: true
-          vuln-type: "os,library"
-          severity: "CRITICAL,HIGH"
-        env:
-          TRIVY_CACHE_DIR: .cache/trivy
-          TRIVY_SKIP_DB_UPDATE: true
-          TRIVY_SKIP_JAVA_DB_UPDATE: true
+      # - name: Run Trivy vulnerability scanner on image
+      #   if: github.event.client_payload.image != ''
+      #   uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
+      #   with:
+      #     version: 'v0.57.2'
+      #     image-ref: ${{ github.event.client_payload.image }}
+      #     cache: 'true'
+      #     format: "sarif"
+      #     output: "trivy-image-results.sarif"
+      #     exit-code: "1"
+      #     ignore-unfixed: true
+      #     vuln-type: "os,library"
+      #     severity: "CRITICAL,HIGH"
+      #   env:
+      #     TRIVY_CACHE_DIR: .cache/trivy
+      #     TRIVY_SKIP_DB_UPDATE: true
+      #     TRIVY_SKIP_JAVA_DB_UPDATE: true
 
-      # Upload image scan results
-      - name: Upload Trivy image scan results
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
-        with:
-          sarif_file: "trivy-image-results.sarif"
-          category: trivy-image
+      # # Upload image scan results
+      # - name: Upload Trivy image scan results
+      #   uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+      #   with:
+      #     sarif_file: "trivy-image-results.sarif"
+      #     category: trivy-image
 
       # Filesystem scanning
       - name: Run Trivy filesystem scan
         uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # v0.28.0
         with:
-          version: 'v0.57.2'
+          version: 'latest'
           scan-type: 'fs'
           cache: 'true'
           format: 'sarif'
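Review bot: `version: 'latest'` on the filesystem scan step un-pins the Trivy binary, so every run downloads whatever release is current at that moment: results stop being reproducible, and a freshly published (or tampered) release is pulled straight into CI even though the action itself stays SHA-pinned. Pin the binary to the specific release that carries the fix being tested, e.g. `version: 'v0.57.2'` or the newer tag actually required, and note the reason next to it, `# pinned: bump deliberately, check release notes`. The image availability check, the image scan and its SARIF upload are commented out rather than deleted, which leaves the workflow with no image scanning at all and no indication whether that is temporary; either delete the dead block or mark it `# image scan disabled while testing the fs scan — restore before merge`. The enclosing `steps:` list starts before this hunk and continues after it.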
@@ -82,8 +85,8 @@ jobs:
           ignore-unfixed: true
         env:
           TRIVY_CACHE_DIR: .cache/trivy
-          TRIVY_SKIP_DB_UPDATE: true
-          TRIVY_SKIP_JAVA_DB_UPDATE: true
+          # TRIVY_SKIP_DB_UPDATE: true
+          # TRIVY_SKIP_JAVA_DB_UPDATE: true
 
       # Upload filesystem scan results
       - name: Upload Trivy filesystem scan results
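Review bot: The two `TRIVY_SKIP_*_DB_UPDATE` lines are commented out instead of removed, leaving dead configuration under `env:` with no record of why the scan now refreshes the vulnerability DB on each run. If the intent is that every run scans against current advisories, delete the two lines and say so with `# DB updates left on so each scan uses current advisories`; if skipping updates was a workaround for something in the DB download path, that reason belongs in the comment instead so the next person does not re-add the skip blindly. The step this `env:` belongs to starts before the hunk.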