ci: improve ignore of false-positives on 3rd party lockfiles

- amends 5b332d8f57
Christian Nicolai 2020-08-30 11:41:23 +02:00 committed by GitHub
parent 5b332d8f57
commit 6ed0799f49
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions


@ -23,6 +23,8 @@ jobs:
run: | run: |
trivy image --download-db-only trivy image --download-db-only
- name: Scan vulnerabilities using Trivy - name: Scan vulnerabilities using Trivy
env:
TRIVY_SKIP_DIRS: '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock'
run: | run: |
trivy --version trivy --version
@ -34,7 +36,7 @@ jobs:
for image in $ALL_IMAGES; do for image in $ALL_IMAGES; do
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
echo -e "\nScanning newest patch release $image of major v$major_version...\n" echo -e "\nScanning newest patch release $image of major v$major_version...\n"
if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then if ! trivy image --skip-update --exit-code 1 "$image"; then
EXIT_CODE=1 EXIT_CODE=1
fi fi
break break
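Review bot: The new `TRIVY_SKIP_DIRS` value has no comment saying why these two directories are safe to exclude, and it hard-codes the Ruby ABI directory (`2.7.0`) and two exact jaeger-client versions. Because it is set as step-level `env`, it applies to every `trivy` call in the step, so anything under those paths goes unreported, real findings included. When an image ships a different gem or Ruby version, the entries stop matching and stale ones remain in the list. I would add a comment above the variable, for example `# crossdock/ only contains jaeger-client's bundled test lockfiles (false positives); update or drop entries when the gem or Ruby version changes`, with the wording confirmed against what the directory actually holds. The `run:` script continues outside the visible hunks, so any other `trivy` invocations in it inherit the same exclusion.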