Skip to content

Commit

Permalink
omit kubectl binary in build trivy scans
Browse files Browse the repository at this point in the history
  • Loading branch information
groundnuty committed Nov 23, 2022
1 parent 47c838d commit 79b1f15
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/build-and-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,15 @@ jobs:
exit-code: 1
format: 'sarif'
output: 'trivy-results-root.sarif'
skip-files: /usr/local/bin/kubectl
- name: Run Trivy Vulnerability Scanner for Non-Root Image
uses: aquasecurity/trivy-action@master
with:
image-ref: 'ghcr.io/groundnuty/k8s-wait-for:no-root-latest'
exit-code: 1
format: 'sarif'
output: 'trivy-results-non-root.sarif'
skip-files: /usr/local/bin/kubectl
# just upload root scan results
- name: Upload Trivy Scan Results to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v2
Expand Down

0 comments on commit 79b1f15

Please sign in to comment.