Merge pull request #72 from IABTechLab/gdm-UID2-3154-secret-scanning

Added vuln scan step during build pipeline
IABTechLab · Apr 29, 2024 · da150f5 · da150f5
2 parents 22550be + fa7e5d9
commit da150f5
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -29,6 +29,9 @@ jobs:
       - name: Build and run tests
         run: ./gradlew build
 
+      - name: Vulnerability Scan
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
+
       - name: Deploy SNAPSHOT to Maven Central
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
         run: ./gradlew publish --stacktrace

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
+# for more details
+# e.g.
+# CVE-2022-3996