Fix trivy workflow (#201)

**Description**

Changes proposed in this pull request:

- update sarif upload action
- install trivy

**Related issue(s)**
VOID404 authored Aug 14, 2024
2 parents f9dde24 + 0b00ee7 commit c3ec6cd
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions .github/workflows/compass-manager.yaml
Expand Up @@ -99,15 +99,21 @@ jobs:
format: json
output: 'trivy-results.json'

- name: Install trivy
run: |
mkdir ./trivy
curl -L https://github.com/aquasecurity/trivy/releases/download/v0.49.1/trivy_0.49.1_Linux-64bit.tar.gz | tar xvz --directory=./trivy
./trivy/trivy --version
- name: Convert results
if: success() || failure()
run: |
trivy convert -f table -o trivy-results.txt trivy-results.json
trivy convert -f sarif -o trivy-results.sarif trivy-results.json
./trivy/trivy convert -f table -o trivy-results.txt trivy-results.json
./trivy/trivy convert -f sarif -o trivy-results.sarif trivy-results.json
- name: Upload Trivy scan results to GitHub Security tab
if: success() || failure()
uses: github/codeql-action/upload-sarif@v2
if: (success() || failure()) && github.ref == 'refs/heads/main'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
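
Review bot: The `Install trivy` step pipes the `curl -L` download straight into `tar` and then executes the extracted binary, with no integrity check on the archive. The version is already pinned to v0.49.1, so the step can download the tarball to a file, verify it with `sha256sum -c` against a digest committed in the workflow (or the checksums published with that release), and extract only if the check passes. Using `curl -fL` would also make an HTTP error fail at the download rather than show up later as a tar or "file not found" error. Separately, `github/codeql-action/upload-sarif@v3` is referenced by a movable tag; pinning it to a full commit SHA would give the upload step the same fixed-version guarantee as the Trivy download.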
