From ede6f0996198c2e119902bdc6ca62c8aa9c59193 Mon Sep 17 00:00:00 2001
From: holomekc <30546982+holomekc@users.noreply.github.com>
Date: Wed, 27 Dec 2023 00:31:09 +0100
Subject: [PATCH] -add scanning for docker images

---
 .github/workflows/docker-image-scan.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/docker-image-scan.yml b/.github/workflows/docker-image-scan.yml
index 8c09c445b6..596f2c7b49 100644
--- a/.github/workflows/docker-image-scan.yml
+++ b/.github/workflows/docker-image-scan.yml
@@ -20,6 +20,15 @@ jobs:
 sha=$(gh api -H "${headers}" "${endpoint}" | jq --raw-output "${jqFilter}")
 echo "Trivy DB sha256:${sha}"
 echo "::set-output name=sha::${sha}"
+
+ - id: ignore-policies
+ name: Ignore some policies
+ run: |
+ cat > .trivyignore << EOL
+ # Ignore gosu issue. They say they are not affected. Issue will be removed as soon
+ # as wiremock image updates to a newer gosu verion, which removed runc.
+ CVE-2023-27561
+ EOL
 - uses: actions/cache@v3
 with:
 path: .trivy
@@ -33,6 +42,7 @@ jobs:
 ignore-unfixed: true
 vuln-type: 'os,library'
 severity: 'CRITICAL,HIGH'
+ hide-progress: true
 cache-dir: .trivy
 - name: Fix .trivy permissions
 run: sudo chown -R $(stat . -c %u:%g) .trivy
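Review bot: The `.trivyignore` written by the new `ignore-policies` step suppresses CVE-2023-27561 permanently and for every target the job scans, with the only justification being the heredoc comment that upstream says they are not affected. A suppression like this should carry a sunset so it is revisited rather than forgotten: recent Trivy versions accept an expiry suffix on plain `.trivyignore` entries (`CVE-2023-27561 exp:YYYY-MM-DD`) — confirm against the Trivy action version this workflow pins, which is outside the hunk — and the comment should link the upstream statement it relies on. Generating the file at run time also keeps the suppression out of the repository itself; committing `.trivyignore` instead would let it be reviewed and diffed like any other policy change and would remove the step entirely. Minor: `verion` in the comment is a typo.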