Browse Source

ci: improve ignore of false-positives on 3rd party lockfiles

- amends 5b332d8f57
pull/64/head
Christian Nicolai 4 weeks ago
committed by GitHub
parent
commit
6ed0799f49
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
  1. +3
    -1
      .github/workflows/vulnscan.yml

+ 3
- 1
.github/workflows/vulnscan.yml View File

@@ -23,6 +23,8 @@ jobs:
run: |
trivy image --download-db-only
- name: Scan vulnerabilities using Trivy
env:
TRIVY_SKIP_DIRS: '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock'
run: |
trivy --version

@@ -34,7 +36,7 @@ jobs:
for image in $ALL_IMAGES; do
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then
if ! trivy image --skip-update --exit-code 1 "$image"; then
EXIT_CODE=1
fi
break


Loading…
Cancel
Save