ci: improve ignore of false-positives on 3rd party lockfiles

- amends 5b332d8f57
2024-12-22 00:54:22 +01:00 · 2020-08-30 11:41:23 +02:00 · 2020-08-30 11:41:23 +02:00 · 6ed0799f49
commit 6ed0799f49
parent 5b332d8f57
1 changed files with 3 additions and 1 deletions
--- a/.github/workflows/vulnscan.yml
+++ b/.github/workflows/vulnscan.yml
@ -23,6 +23,8 @@ jobs:
      run: |
        trivy image --download-db-only
    - name: Scan vulnerabilities using Trivy
+      env:
+        TRIVY_SKIP_DIRS: '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock,/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-1.0.0/crossdock'
      run: |
        trivy --version

@ -34,7 +36,7 @@ jobs:
          for image in $ALL_IMAGES; do
            if [[ "$image" = cmur2/dyndnsd:v$major_version.* ]]; then
              echo -e "\nScanning newest patch release $image of major v$major_version...\n"
-              if ! trivy image --skip-update --exit-code 1 --skip-dirs '/usr/lib/ruby/gems/2.7.0/gems/jaeger-client-0.10.0/crossdock' "$image"; then
+              if ! trivy image --skip-update --exit-code 1 "$image"; then
                EXIT_CODE=1
              fi
              break