From 2a10c38f56f0896dab85e7f0cfd0d673179018c7 Mon Sep 17 00:00:00 2001
From: David van der Spek
Date: Wed, 25 Jan 2023 23:08:32 +0100
Subject: [PATCH 1/2] Enable trivy for scanning the artifact
---
 .github/workflows/trivy-artifact-scan.yaml | 24 +++++++++++-----------
 1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/trivy-artifact-scan.yaml b/.github/workflows/trivy-artifact-scan.yaml
index 916204627..12c522fef 100644
--- a/.github/workflows/trivy-artifact-scan.yaml
+++ b/.github/workflows/trivy-artifact-scan.yaml
@@ -1,17 +1,17 @@
 name: Trivy Artifact Scanning
 on:
- # push:
- # branches: [ master ]
- # paths:
- # - "plural/**"
- # - ".github/workflows/trivy-artifact-scan.yaml"
- # pull_request:
- # branches: [ master ]
- # paths:
- # - "plural/**"
- # - ".github/workflows/trivy-artifact-scan.yaml"
- # schedule:
- # - cron: '0 0 * * 1'
+ push:
+ branches: [ master ]
+ paths:
+ - "plural/**"
+ - ".github/workflows/trivy-artifact-scan.yaml"
+ pull_request:
+ branches: [ master ]
+ paths:
+ - "plural/**"
+ - ".github/workflows/trivy-artifact-scan.yaml"
+ schedule:
+ - cron: '0 0 * * 1'
 workflow_dispatch:
 jobs:
 trivy-scan:
From aca0442377d35fd072637732e9fcf0ae037a57e5 Mon Sep 17 00:00:00 2001
From: David van der Spek
Date: Thu, 26 Jan 2023 00:05:05 +0100
Subject: [PATCH 2/2] Remove scanref and use skip-dirs instead
---
 .github/workflows/trivy-artifact-scan.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/trivy-artifact-scan.yaml b/.github/workflows/trivy-artifact-scan.yaml
index 12c522fef..0b59b7da4 100644
--- a/.github/workflows/trivy-artifact-scan.yaml
+++ b/.github/workflows/trivy-artifact-scan.yaml
@@ -28,7 +28,7 @@ jobs:
 uses: aquasecurity/trivy-action@master
 with:
 scan-type: 'fs'
- scan-ref: 'plural'
+ skip-dirs: '.github,.stoat,apps,bin,config,rel,testdata,www'
 hide-progress: false
 format: 'sarif'
 output: 'trivy-results.sarif'
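Review bot: Enabling the `push`, `pull_request` and `schedule` triggers in the `on:` block of PATCH 1/2 makes this job run unattended while the step visible in the PATCH 2/2 context still references `aquasecurity/trivy-action@master`, a mutable branch ref. Whatever is on that branch at run time executes with this job's token on every matching push and PR and on the weekly cron, so I would pin it to a reviewed commit: `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The job's `permissions:` block, if any, is outside the hunk; if none is set, declaring `contents: read` (plus `security-events: write` only if the SARIF is uploaded) keeps the token at least privilege. The job body continues past the last context line, so the checkout and upload steps were not reviewed.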
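Review bot: Removing `scan-ref: 'plural'` in PATCH 2/2 widens the scan to the action's default root (the checkout root, as far as I know) minus the `skip-dirs` list, but the `paths:` filters enabled in PATCH 1/2 still list only `plural/**` and the workflow file. A push or PR that touches any other non-skipped path is therefore not scanned until the weekly cron; either widen the filter to match what is scanned or drop `paths:` from both triggers. `skip-dirs` is also a deny-list, so a comment above it such as `# deny-list: new top-level directories are scanned by default; keep in sync with the repo layout` would record why those eight directories are excluded. The `with:` block starts and ends outside the hunk.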