Merge pull request #130 from catenax-ng/trivy-changes

chore: Modification in trivy workflow

.github/workflows/trivy.yml

@@ -1,6 +1,6 @@
 #################################################################################
-# Copyright (c) 2022,2023 T-Systems International GmbH
-# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+# Copyright (c) 2022,2024 T-Systems International GmbH
+# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -19,36 +19,34 @@
 ################################################################################
 
 name: "Trivy"
+
 on:
-  push:
-    branches: 
-     - main
   schedule:
-    # Once a day
-    - cron: "0 0 * * *"   
+    - cron: "0 0 * * 0"
   workflow_dispatch:
-  # Trigger manually
 
 jobs:
-  analyze-config:
+  analyze:
+    name: Analyze
     runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
 
     steps:
-
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.18.0
         with:
-          # Path to Docker image
-          image-ref: "tractusx/managed-service-orchestrator:latest"
+          image-ref: "tractusx/managed-service-orchestrator:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
           format: "sarif"
           output: "trivy-results.sarif"
-          vuln-type: "os,library"
+          exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
+          severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
+          hide-progress: false
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
+        if: always()
         with:
           sarif_file: "trivy-results.sarif"

README.md

@@ -13,7 +13,7 @@ This service will help service provider to set up DFT/SDE with EDC and EDC as se
 
 ```shell
 Application version: 1.5.4
-Helm release version: 1.5.6
+Helm release version: 1.5.7
 ```
 
 # Container images

charts/orchestrator/Chart.yaml

@@ -38,7 +38,7 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.5.6
+version: 1.5.7
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/orchestrator/README.md

@@ -1,6 +1,6 @@
 # managed-service-orchestrator
 
-![Version: 1.5.6](https://img.shields.io/badge/Version-1.5.6-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.4](https://img.shields.io/badge/AppVersion-1.5.4-informational?style=flat-square)
+![Version: 1.5.7](https://img.shields.io/badge/Version-1.5.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.5.4](https://img.shields.io/badge/AppVersion-1.5.4-informational?style=flat-square)
 
 This service will help service provider to set up DFT/SDE with EDC and EDC as service in service provider environment.
 
@@ -42,9 +42,9 @@ This service will help service provider to set up DFT/SDE with EDC and EDC as se
 | portContainer | int | `9999` |  |
 | postgresql.auth.database | string | `"testdb"` |  |
 | postgresql.auth.existingSecret | string | `""` |  |
-| postgresql.auth.password | string | `"default"` |  |
+| postgresql.auth.password | string | `""` |  |
 | postgresql.auth.port | int | `5432` |  |
-| postgresql.auth.postgresPassword | string | `"default"` |  |
+| postgresql.auth.postgresPassword | string | `""` |  |
 | postgresql.auth.username | string | `"testuser"` |  |
 | postgresql.enabled | bool | `true` |  |
 | postgresql.fullnameOverride | string | `"postgresql"` |  |