mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-25 10:10:56 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455)
* enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found
This commit is contained in:
parent
a908937c78
commit
786e7056de
2 changed files with 44 additions and 44 deletions
85
.github/workflows/trivy.yml
vendored
85
.github/workflows/trivy.yml
vendored
|
@ -1,47 +1,46 @@
|
||||||
# Disabling trivy scans while they get troubleshooting for failures
|
# Disabling trivy scans while they get troubleshooting for failures
|
||||||
# ---
|
---
|
||||||
# name: Container Security Scan with Trivy
|
name: Container Security Scan with Trivy
|
||||||
# on:
|
on:
|
||||||
# push:
|
push:
|
||||||
# branches:
|
branches:
|
||||||
# - master
|
- master
|
||||||
# pull_request:
|
pull_request:
|
||||||
# jobs:
|
jobs:
|
||||||
# scan-container:
|
scan-container:
|
||||||
# name: Build
|
name: Build
|
||||||
# runs-on: ubuntu-18.04
|
runs-on: ubuntu-18.04
|
||||||
# steps:
|
steps:
|
||||||
# ######################
|
######################
|
||||||
# # Checkout code base #
|
# Checkout code base #
|
||||||
# ######################
|
######################
|
||||||
# - name: Checkout code
|
- name: Checkout code
|
||||||
# uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
# # ##########################
|
# ##########################
|
||||||
# # # Build the docker image #
|
# # Build the docker image #
|
||||||
# # ##########################
|
# ##########################
|
||||||
# # - name: Build an image from Dockerfile
|
- name: Build an image from Dockerfile
|
||||||
# # run: |
|
run: |
|
||||||
# # docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
||||||
|
|
||||||
# #################################
|
#################################
|
||||||
# # Run Trivy Scan of source code #
|
# Run Trivy Scan of source code #
|
||||||
# #################################
|
#################################
|
||||||
# - name: Trivy Scan
|
- name: Trivy Scan
|
||||||
# uses: aquasecurity/trivy-action@master
|
uses: aquasecurity/trivy-action@master
|
||||||
# with:
|
with:
|
||||||
# scan-type: 'fs'
|
scan-type: 'fs'
|
||||||
# format: 'template'
|
format: 'template'
|
||||||
# exit-code: '1'
|
template: '@/contrib/sarif.tpl'
|
||||||
# template: '@/contrib/sarif.tpl'
|
output: 'report.sarif'
|
||||||
# output: 'report.sarif'
|
severity: 'HIGH,CRITICAL'
|
||||||
# severity: 'HIGH,CRITICAL'
|
|
||||||
|
|
||||||
# #################################
|
#################################
|
||||||
# # Upload report to security tab #
|
# Upload report to security tab #
|
||||||
# #################################
|
#################################
|
||||||
# - name: Upload Trivy scan results to GitHub Security tab
|
- name: Upload Trivy scan results to GitHub Security tab
|
||||||
# uses: github/codeql-action/upload-sarif@v1
|
uses: github/codeql-action/upload-sarif@v1
|
||||||
# if: always()
|
if: always()
|
||||||
# with:
|
with:
|
||||||
# sarif_file: 'report.sarif'
|
sarif_file: 'report.sarif'
|
||||||
|
|
|
@ -150,7 +150,8 @@ RUN pipenv install --clear --system
|
||||||
####################
|
####################
|
||||||
RUN npm config set package-lock false \
|
RUN npm config set package-lock false \
|
||||||
&& npm config set loglevel error \
|
&& npm config set loglevel error \
|
||||||
&& npm --no-cache install
|
&& npm --no-cache install \
|
||||||
|
&& npm audit fix
|
||||||
|
|
||||||
#############################
|
#############################
|
||||||
# Add node packages to path #
|
# Add node packages to path #
|
||||||
|
|
Loading…
Reference in a new issue