From 5b332d8f5729c1cc1ff26a87ee1548426932f2d6 Mon Sep 17 00:00:00 2001
From: Christian Nicolai
Date: Sun, 30 Aug 2020 11:34:26 +0200
Subject: [PATCH] ci: ignore false-positive 3rd party lockfiles for trivy

- uses newly released `--skip-dirs` flag of Trivy 0.11.0
---
 .github/workflows/vulnscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/vulnscan.yml b/.github/workflows/vulnscan.yml
index 62675df..12e5088 100644
--- a/.github/workflows/vulnscan.yml
+++ b/.github/workflows/vulnscan.yml
@@ -34,7 +34,7 @@ jobs:
 for image in $ALL_IMAGES; do
 if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
 echo -e "\nScanning newest patch release $image of major v$major_version...\n"
- if ! trivy image --skip-update --exit-code 1 "$image"; then
+ if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then
 EXIT_CODE=1
 fi
 break
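Review bot: The `--skip-dirs` path on the new `trivy image` line hard-codes both the Ruby gems directory (`2.7.0`) and the gem version (`jaeger-client-0.10.0`), and nothing in the workflow records why that directory is excluded or when the exclusion can be dropped. Because the loop scans one image per major version, an image built with a different Ruby or jaeger-client version would presumably not match the path; that fails in the safe direction (the finding reappears and the job fails), but whoever triages it will see what looks like a new vulnerability. A comment above the line would cover this, e.g. `# skip jaeger-client's bundled crossdock lockfile (3rd-party fixture, false positive); update the path when Ruby or jaeger-client is bumped`. Skipping a directory suppresses every finding under it, not only the known false positives, so the path should stay as narrow as it is here and not be widened to a parent directory. The enclosing `for` loop and workflow step start and end outside the hunk.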