
Commit e71ade8

authored
Merge branch 'master' into add-suppression-files
2 parents 70ad873 + 3e04555 commit e71ade8

1 file changed

Lines changed: 5 additions & 5 deletions


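--- a/.github/workflows/daily-scan.yml
+++ b/.github/workflows/daily-scan.yml
@@ -1,7 +1,7 @@
 ## Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 ## SPDX-License-Identifier: Apache-2.0
 # Performs a daily scan of:
-# * The X-Ray Python SDK source code, using Trivy
+# * The X-Ray Python SDK published artifact dependencies, using Trivy
 # * Project dependencies, using DependencyCheck
 #
 # Publishes results to CloudWatch Metrics.
@@ -79,26 +79,26 @@ jobs:
 if: ${{ steps.dep_scan.outcome != 'success' }}
 run: less dependency-check-report.html
 
-- name: Perform high severity scan on built artifacts
+- name: Perform high severity scan on published artifact dependencies
 if: always()
 id: high_scan_latest
 uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
 with:
 scan-type: 'fs'
-scan-ref: '.'
+scan-ref: 'scan-target/'
 severity: 'CRITICAL,HIGH'
 exit-code: '1'
 scanners: 'vuln'
 env:
 TRIVY_IGNOREFILE: .github/trivy/daily-scan.trivyignore.yaml
 
-- name: Perform low severity scan on built artifacts
+- name: Perform low severity scan on published artifact dependencies
 if: always()
 id: low_scan_latest
 uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2
 with:
 scan-type: 'fs'
-scan-ref: '.'
+scan-ref: 'scan-target/'
 severity: 'MEDIUM,LOW,UNKNOWN'
 exit-code: '1'
 scanners: 'vuln'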
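Review bot: Both Trivy steps now scan only `scan-target/` while still running under `if: always()`, and nothing visible in this hunk checks that the directory was actually populated. If the step that fills it (outside the hunk) fails partway or leaves no manifest Trivy recognises, the `fs` scan can find nothing and exit 0, so `high_scan_latest` and `low_scan_latest` would report a clean outcome, presumably the one published to CloudWatch, for a scan that covered no packages. A guard step ahead of the high severity scan would turn that case into a visible failure, e.g. `run: test -n "$(ls -A scan-target/ 2>/dev/null)"`. Alternatively, each scan's `if:` could also require the populating step's outcome to be `success`.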
