mirror of
https://github.com/cmur2/dyndnsd.git
synced 2024-12-22 10:54:23 +01:00
ci: improve ignore of false-positives on 3rd party lockfiles
- amends 5b332d8f57
This commit is contained in:
parent
5b332d8f57
commit
6ed0799f49
4
.github/workflows/vulnscan.yml
vendored
4
.github/workflows/vulnscan.yml
vendored
@ -23,6 +23,8 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
trivy image --download-db-only
|
trivy image --download-db-only
|
||||||
- name: Scan vulnerabilities using Trivy
|
- name: Scan vulnerabilities using Trivy
|
||||||
|
env:
|
||||||
|
TRIVY_SKIP_DIRS: '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock'
|
||||||
run: |
|
run: |
|
||||||
trivy --version
|
trivy --version
|
||||||
|
|
||||||
@ -34,7 +36,7 @@ jobs:
|
|||||||
for image in $ALL_IMAGES; do
|
for image in $ALL_IMAGES; do
|
||||||
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
|
||||||
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
|
echo -e "\nScanning newest patch release $image of major v$major_version...\n"
|
||||||
if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then
|
if ! trivy image --skip-update --exit-code 1 "$image"; then
|
||||||
EXIT_CODE=1
|
EXIT_CODE=1
|
||||||
fi
|
fi
|
||||||
break
|
break
|
||||||
|
Loading…
Reference in New Issue
Block a user