diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index f1854fef..827999e9 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -40,12 +40,15 @@ jobs:
 uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
 - name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # v0.20.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
 with:
 image-ref: "tractusx/app-puris-frontend:latest"
 format: "sarif"
 output: "trivy-results-1.sarif"
 vuln-type: "os,library"
+ severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
+ exit-code: "1"
+ limit-severities-for-sarif: true
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
@@ -64,12 +67,15 @@ jobs:
 steps:
 # Pull image from Docker Hub and run Trivy vulnerability scanner
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0 # v0.14.0
+ uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
 with:
 image-ref: "tractusx/app-puris-backend:latest"
 format: "sarif"
 output: "trivy-results-2.sarif"
 vuln-type: "os,library"
+ severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
+ exit-code: "1"
+ limit-severities-for-sarif: true
 - name: Upload Trivy scan results to GitHub Security tab
 uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.227
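Review bot: The inline comment on the added `severity: "CRITICAL,HIGH"` line says findings of all severities still reach the SARIF output, but the `limit-severities-for-sarif: true` added two lines below does the opposite: it restricts the SARIF report to the listed severities, so MEDIUM and LOW findings will no longer appear in the Security tab. Either drop that input or reword the comment to match, e.g. `# Only CRITICAL/HIGH findings are written to the SARIF report and fail the step (exit-code 1); lower severities are not reported.` Separately, `exit-code: "1"` makes the scan step fail exactly when findings exist, and the following "Upload Trivy scan results to GitHub Security tab" step will then be skipped unless it carries `if: always()` (the rest of that step is outside the hunk, so I cannot tell whether such a guard is present), which would mean results are never uploaded in the case that matters most. The same two points apply unchanged to the backend job in the second hunk. The long trailing comment would also read better on its own line above `severity:`.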