1 | 1 | ## Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. |
2 | 2 | ## SPDX-License-Identifier: Apache-2.0 |
3 | 3 | # Performs a daily scan of: |
4 | | -# * The X-Ray Python SDK source code, using Trivy |
| 4 | +# * The X-Ray Python SDK published artifact dependencies, using Trivy |
5 | 5 | # * Project dependencies, using DependencyCheck |
6 | 6 | # |
7 | 7 | # Publishes results to CloudWatch Metrics. |
@@ -79,26 +79,26 @@ jobs: |
79 | 79 | if: ${{ steps.dep_scan.outcome != 'success' }} |
80 | 80 | run: less dependency-check-report.html |
81 | 81 |
|
82 | | - - name: Perform high severity scan on built artifacts |
| 82 | + - name: Perform high severity scan on published artifact dependencies |
83 | 83 | if: always() |
84 | 84 | id: high_scan_latest |
85 | 85 | uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2 |
86 | 86 | with: |
87 | 87 | scan-type: 'fs' |
88 | | - scan-ref: '.' |
| 88 | + scan-ref: 'scan-target/' |
89 | 89 | severity: 'CRITICAL,HIGH' |
90 | 90 | exit-code: '1' |
91 | 91 | scanners: 'vuln' |
92 | 92 | env: |
93 | 93 | TRIVY_IGNOREFILE: .github/trivy/daily-scan.trivyignore.yaml |
94 | 94 |
|
95 | | - - name: Perform low severity scan on built artifacts |
| 95 | + - name: Perform low severity scan on published artifact dependencies |
96 | 96 | if: always() |
97 | 97 | id: low_scan_latest |
98 | 98 | uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # v0.34.2 |
99 | 99 | with: |
100 | 100 | scan-type: 'fs' |
101 | | - scan-ref: '.' |
| 101 | + scan-ref: 'scan-target/' |
102 | 102 | severity: 'MEDIUM,LOW,UNKNOWN' |
103 | 103 | exit-code: '1' |
104 | 104 | scanners: 'vuln' |
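Review bot: The new `scan-ref: 'scan-target/'` on lines 88 and 101 makes both Trivy steps depend on a directory that nothing in this hunk creates, and because each step has `if: always()` they still run when an earlier step failed; if the step that populates `scan-target/` fails, is skipped, or leaves it empty, a filesystem scan sees no packages and both `exit-code: '1'` steps pass with zero findings, which reads as a clean result in the published metrics. A guard step placed before the high severity scan would turn that silent pass into a job failure, e.g. `- name: Verify scan target is populated` / `run: test -n "$(ls -A scan-target/)"`. Presumably the population step lives earlier in the job, outside this hunk, so the same check could instead be folded into it.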
|