
Commit

re-enable and update trivy-action to version 0.29.0 in workflows
jgadsden authored Nov 21, 2024
2 parents b328aa3 + a05ccb6 commit f25d301
Showing 7 changed files with 596 additions and 109 deletions.
6 changes: 2 additions & 4 deletions .github/workflows/housekeeping.yaml
Expand Up @@ -52,13 +52,11 @@ jobs:
close-pr-message: 'This PR was closed because it has been stalled for 28 days with no activity'

trivy:
name: Scan with trivy (disabled)
name: Scan with Trivy
runs-on: ubuntu-24.04
permissions:
contents: write
security-events: write
if: ${{ ! always() }}
# disable trivy until it can be reliably downloaded in the pipeline

steps:
- name: Checkout repository
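Review bot: `contents: write` in the `permissions:` block of the re-enabled `trivy` job is broader than the steps visible here need. Checkout only reads the repository, and `security-events: write` already covers publishing scan results. Now that the `if: ${{ ! always() }}` guard is gone and the job actually runs, suggest `contents: read` unless a later step in this job commits or pushes, so the scanner job does not hold a token that can modify the repository.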
Expand All @@ -67,7 +65,7 @@ jobs:
ref: main

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: '${{ env.IMAGE_NAME }}'
format: 'template'
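Review bot: `uses: aquasecurity/trivy-action@0.29.0` pins the action by tag, and a tag can be moved to different code after this review. This job runs with `contents: write` and `security-events: write`, so suggest pinning to the full commit SHA of the 0.29.0 release, keeping the version in a trailing comment, and doing the same for the two other workflows touched in this commit.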
10 changes: 4 additions & 6 deletions .github/workflows/pull_request.yaml
Expand Up @@ -327,30 +327,28 @@ jobs:
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
scan_image_with_trivy:
name: Scan with trivy (disabled)
name: Scan with Trivy
runs-on: ubuntu-24.04
needs: build_docker_image
permissions:
contents: write
if: ${{ ! always() }}
# disable trivy until it can be reliably downloaded in the pipeline

steps:
- name: Checkout
uses: actions/[email protected]

- name: Download docker local image
- name: Retrieve local docker image
uses: actions/[email protected]
with:
name: ${{ env.IMAGE_NAME }}
path: /tmp

- name: Load docker local image
- name: Load local docker image
run: |
docker load --input /tmp/${{ env.IMAGE_NAME }}.tar
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: '${{ env.IMAGE_NAME }}'
format: 'table'
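Review bot: `scan_image_with_trivy` keeps `contents: write` even though the scan reports with `format: 'table'` and the visible steps only check out, retrieve the image artifact, `docker load` it and scan. None of that writes to the repository, so for a workflow that runs on pull requests `contents: read` is the safer default; raise it only if a step further down the job needs it.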
6 changes: 2 additions & 4 deletions .github/workflows/push.yaml
Expand Up @@ -432,21 +432,19 @@ jobs:
cmd_options: '-a'

scan_image_with_trivy:
name: Scan image with trivy (disabled)
name: Scan image with Trivy
runs-on: ubuntu-24.04
needs: build_docker_image
permissions:
contents: write
security-events: write
if: ${{ ! always() }}
# disable trivy until it can be reliably downloaded in the pipeline

steps:
- name: Checkout
uses: actions/[email protected]

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@0.28.0
uses: aquasecurity/trivy-action@0.29.0
with:
image-ref: '${{ env.IMAGE_NAME }}'
format: 'template'
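Review bot: between `Checkout` and `Run Trivy vulnerability scanner` there is no step that makes `${{ env.IMAGE_NAME }}` available on the runner, unlike pull_request.yaml where the image artifact is retrieved and loaded first. With the `if: ${{ ! always() }}` guard removed this job now runs, so please confirm the image can be pulled at this point in the push pipeline, or add the retrieve and `docker load` steps here as well.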
66 changes: 49 additions & 17 deletions td.server/package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 2 additions & 0 deletions td.server/package.json
Expand Up @@ -82,6 +82,8 @@
"body-parser": ">=1.20.3",
"braces": ">=3.0.3",
"cookie": ">=0.7.0",
"cross-spawn@<7.0.0": "6.0.6",
"cross-spawn@>=7.0.0": ">=7.0.5",
"debug@<3.1.0": ">=4.3.4",
"follow-redirects": ">=1.15.6",
"got": ">=11.8.5",
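Review bot: `"cross-spawn@>=7.0.0": ">=7.0.5"` has no upper bound, so it would also accept a future major release, while the `<7.0.0` entry next to it is pinned to exactly `6.0.6`. Something like `^7.0.5` keeps the floor and stays within the 7.x line. The commit message only mentions trivy-action, so a line explaining why the two `cross-spawn` entries were added would help whoever revisits this list.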