
Commit 42ce53f

committed
fixup! 👷 ci(trivy): move trivy to cron
1 parent ddfa409 commit 42ce53f

3 files changed

Lines changed: 24 additions & 16 deletions


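--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,10 +1,15 @@
-name: Build
+name: Trivy
 
 on:
 push:
 branches:
 - kubernetes-*
 - main
+pull_request:
+branches:
+- main
+paths:
+- ".github/workflows/trivy.yml"
 schedule:
 - cron: "28 6 * * 0"
 workflow_dispatch:
@@ -13,18 +18,31 @@ permissions:
 contents: read
 
 jobs:
-Trivy:
+trivy:
 runs-on: ubuntu-latest
 steps:
 - name: ⬇️ Checkout repository
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Image
-run: bash -c "make build-image"
+id: image
+run: |
+make build-image
+env:
+VERSION: ${{ github.sha }}
 - name: 🔎 Trivy-Scan
 id: trivyscan
 run: make trivy-scan
+uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v0.33.1
+with:
+image-ref: outscale/cloud-provider-osc:${{ github.sha }}
+format: 'sarif'
+output: 'trivy-results.sarif'
+severity: 'CRITICAL,HIGH'
+trivyignores: '.trivyignore'
+version: 'v0.69.3'
+vuln-type: 'image'
 - name: ⬆️ Upload Trivy results
 if: ${{ github.event_name != 'pull_request' }}
 uses: github/codeql-action/upload-sarif@v4
 with:
-sarif_file: './.trivyscan/report.sarif'
+sarif_file: 'trivy-results.sarif'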
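Review bot: The `🔎 Trivy-Scan` step ends up with both the pre-existing `run: make trivy-scan` (left as a context line) and the newly added `uses: aquasecurity/trivy-action@…`; a GitHub Actions step accepts only one of `run` or `uses`, so the workflow is likely rejected at load time and no scan runs at all — the `run: make trivy-scan` line should be removed. In the same step, `vuln-type: 'image'` looks like it was meant to be `scan-type: 'image'`, since `vuln-type` selects package classes (`os,library`) rather than the scan target. On the new `pull_request` trigger the SARIF upload is skipped and no `exit-code` is set, so a PR run would succeed whatever Trivy finds; if the trigger is meant to gate changes, add `exit-code: '1'`. This commit also strips every entry from `.trivyignore` while `trivyignores: '.trivyignore'` still points at it, so confirm the file still exists in the tree (the page does not show whether it was emptied or deleted).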

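--- a/.trivyignore
+++ b/.trivyignore
@@ -1,10 +0,0 @@
-# github.com/emicklei/go-restful
-CVE-2022-1996
-# https://github.com/advisories/GHSA-69cg-p879-7622
-CVE-2022-27664
-# https://avd.aquasec.com/nvd/cve-2022-32149
-CVE-2022-32149
-# https://avd.aquasec.com/nvd/2023/cve-2023-45142
-CVE-2023-45142
-# https://avd.aquasec.com/nvd/2023/cve-2023-47108
-CVE-2023-47108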

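--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ E2E_FOCUS ?= e2e
 
 OSC_REGION ?= eu-west-2
 
-TRIVY_IMAGE := aquasec/trivy:0.62.1
+TRIVY_IMAGE := aquasec/trivy:0.69.3
 
 .PHONY: help
 help:
@@ -189,7 +189,7 @@ helm-package:
 # Copy docs into the archive for ArtfactHub, symlink does not work with helm-git
 cp docs/CHANGELOG.md docs/README.md LICENSE deploy/k8s-osc-ccm/
 helm package deploy/k8s-osc-ccm -d out-helm
-rm deploy/k8s-osc-ccm/CHANGELOG.md deploy/k8s-osc-ccm/README.md deploy/k8s-osc-ccm/LICENSE
+rm deploy/k8s-osc-ccm/CHANGELOG.md deploy/k8s-osc-ccm/README.md deploy/k8s-osc-ccm/LICENSE
 
 helm-push: helm-package
 helm push out-helm/*.tgz oci://registry-1.docker.io/${DOCKER_USER}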
