Skip to content

Commit

Permalink
fix: Trivy TOOMANYREQUESTS GitHub API response by authenticating (#1053)
Browse files Browse the repository at this point in the history
  • Loading branch information
@SebastianOpriel
SebastianOpriel authored Oct 1, 2024
1 parent 213f003 commit 827808d
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 9 deletions.
10 changes: 6 additions & 4 deletions .github/workflows/license_scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,32 +10,34 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Run license scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "rootfs"
scan-ref: "."
scanners: "license"
severity: "CRITICAL,HIGH"
exit-code: 1
github-pat: ${{ secrets.GITHUB_TOKEN }}
license_scan2:
name: License scan (repo)
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: npm install (typescript-client)
run: cd extensions/wrapper/clients/typescript-client && npm clean-install
- name: npm install (typescript-client-example)
run: cd extensions/wrapper/clients/typescript-client-example && npm clean-install
- name: Run license scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "repo"
scan-ref: "."
scanners: "license"
severity: "CRITICAL,HIGH"
exit-code: 1
github-pat: ${{ secrets.GITHUB_TOKEN }}
3 changes: 2 additions & 1 deletion .github/workflows/secret_scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,10 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Run vulnerability scanner
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "fs"
exit-code: "1"
ignore-unfixed: true
scanners: secret
github-pat: ${{ secrets.GITHUB_TOKEN }}
6 changes: 4 additions & 2 deletions .github/workflows/security_scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,29 +12,31 @@ jobs:
- name: Checkout code
uses: actions/checkout@v4
- name: Run static analysis (rootfs)
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "rootfs"
scanners: "vuln,misconfig"
ignore-unfixed: true
format: "sarif"
output: "trivy-results-rootfs.sarif"
severity: "CRITICAL,HIGH"
github-pat: ${{ secrets.GITHUB_TOKEN }}
security_scan_repo:
name: security_scan_repo
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run static analysis (repo)
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: "repo"
scanners: "vuln,misconfig"
ignore-unfixed: true
format: "sarif"
output: "trivy-results-repo.sarif"
severity: "CRITICAL,HIGH"
github-pat: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab (repo)
uses: github/codeql-action/upload-sarif@v2
continue-on-error: true
Expand Down
5 changes: 3 additions & 2 deletions .github/workflows/trivy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,18 @@ jobs:
timeout-minutes: 30
steps:
- name: Checkout code
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Run static analysis
uses: aquasecurity/trivy-action@master
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: 'fs'
security-checks: 'vuln,secret,config'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'
github-pat: ${{ secrets.GITHUB_TOKEN }}


- name: Upload Trivy scan results to GitHub Security tab
Expand Down

0 comments on commit 827808d

Please sign in to comment.