From 6ed0799f49fc9f85b16ec2ddcece1a298bd4594d Mon Sep 17 00:00:00 2001
From: Christian Nicolai <cn@mycrobase.de>
Date: Sun, 30 Aug 2020 11:41:23 +0200
Subject: [PATCH] ci: improve ignore of false-positives on 3rd party lockfiles

- amends https://github.com/cmur2/dyndnsd/commit/5b332d8f5729c1cc1ff26a87ee1548426932f2d6
---
 .github/workflows/vulnscan.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/vulnscan.yml b/.github/workflows/vulnscan.yml
index 12e5088..0891f2b 100644
--- a/.github/workflows/vulnscan.yml
+++ b/.github/workflows/vulnscan.yml
@@ -23,6 +23,8 @@ jobs:
       run: |
         trivy image --download-db-only
     - name: Scan vulnerabilities using Trivy
+      env:
+        TRIVY_SKIP_DIRS: '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock'
       run: |
         trivy --version
 
@@ -34,7 +36,7 @@ jobs:
           for image in $ALL_IMAGES; do
             if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
               echo -e "\nScanning newest patch release $image of major v$major_version...\n"
-              if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then
+              if ! trivy image --skip-update --exit-code 1 "$image"; then
                 EXIT_CODE=1
               fi
               break