Reinstate Trivy with no blocks for vulnerabilities found (#1455)
* Enable Trivy * Enable the Docker build step * Add `npm audit fix` to patch vulnerabilities * Exit successfully when vulnerabilities are found
This commit is contained in:
parent
a908937c78
commit
786e7056de
2 changed files with 44 additions and 44 deletions
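--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,47 +1,46 @@
 # Disabling trivy scans while they get troubleshooting for failures
-# ---
-# name: Container Security Scan with Trivy
-# on:
-# push:
-# branches:
-# - master
-# pull_request:
-# jobs:
-# scan-container:
-# name: Build
-# runs-on: ubuntu-18.04
-# steps:
-# ######################
-# # Checkout code base #
-# ######################
-# - name: Checkout code
-# uses: actions/checkout@v2
+---
+name: Container Security Scan with Trivy
+on:
+push:
+branches:
+- master
+pull_request:
+jobs:
+scan-container:
+name: Build
+runs-on: ubuntu-18.04
+steps:
+######################
+# Checkout code base #
+######################
+- name: Checkout code
+uses: actions/checkout@v2
 
-# # ##########################
-# # # Build the docker image #
-# # ##########################
-# # - name: Build an image from Dockerfile
-# # run: |
-# # docker build -t docker.io/github/super-linter:${{ github.sha }} .
+# ##########################
+# # Build the docker image #
+# ##########################
+- name: Build an image from Dockerfile
+run: |
+docker build -t docker.io/github/super-linter:${{ github.sha }} .
 
-# #################################
-# # Run Trivy Scan of source code #
-# #################################
-# - name: Trivy Scan
-# uses: aquasecurity/trivy-action@master
-# with:
-# scan-type: 'fs'
-# format: 'template'
-# exit-code: '1'
-# template: '@/contrib/sarif.tpl'
-# output: 'report.sarif'
-# severity: 'HIGH,CRITICAL'
+#################################
+# Run Trivy Scan of source code #
+#################################
+- name: Trivy Scan
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'fs'
+format: 'template'
+template: '@/contrib/sarif.tpl'
+output: 'report.sarif'
+severity: 'HIGH,CRITICAL'
 
-# #################################
-# # Upload report to security tab #
-# #################################
-# - name: Upload Trivy scan results to GitHub Security tab
-# uses: github/codeql-action/upload-sarif@v1
-# if: always()
-# with:
-# sarif_file: 'report.sarif'
+#################################
+# Upload report to security tab #
+#################################
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v1
+if: always()
+with:
+sarif_file: 'report.sarif'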
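Review bot: The image built by the newly enabled `Build an image from Dockerfile` step is never scanned: the Trivy step that follows runs `scan-type: 'fs'` against the checkout with no `image-ref`, so the build only costs time and the workflow name "Container Security Scan" overstates what runs. If the image was meant to be the target, point Trivy at it with `scan-type: 'image'` and `image-ref: 'docker.io/github/super-linter:${{ github.sha }}'`. With `exit-code: '1'` dropped the job now succeeds whatever Trivy finds, so the SARIF upload is the only place HIGH/CRITICAL findings surface; that deserves a comment on the Trivy step such as `# Non-blocking: findings are reported to the Security tab, the job does not fail on them`. `aquasecurity/trivy-action@master` is a mutable ref for a tool that runs on every push and pull request; pin it to a release tag or commit SHA like the other actions here. The `# Disabling trivy scans while they get troubleshooting for failures` header survives as context on the new side and is now stale.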
@ -150,7 +150,8 @@ RUN pipenv install --clear --system
|
|||
####################
|
||||
RUN npm config set package-lock false \
|
||||
&& npm config set loglevel error \
|
||||
&& npm --no-cache install
|
||||
&& npm --no-cache install \
|
||||
&& npm audit fix
|
||||
|
||||
#############################
|
||||
# Add node packages to path #
|
||||
|
|
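Review bot: The added `npm audit fix` runs against an install that has no lockfile (`npm config set package-lock false` two lines above), so the versions it rewrites are whatever the registry serves at image build time and are recorded nowhere in the repository; the patched set cannot be reviewed or reproduced from the Dockerfile. `npm audit fix` without `--force` also applies only semver-compatible bumps, and whether it fails the build when advisories remain depends on the npm version in the image, which the hunk does not show. If best-effort patching is the intent, say so on the line: `&& npm audit fix  # best-effort: semver-compatible bumps only; unfixable advisories are not build failures`. Bumping the affected versions in the package manifest instead would make the fix visible in review and reproducible.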