update trivy scanning (#3284)

Signed-off-by: Naman Lakhwani <namanlakhwani@gmail.com>
2025-03-31 03:45:17 +00:00 · 2022-02-23 08:10:07 +05:30 · 2022-02-23 08:10:07 +05:30 · 81ab535433
commit 81ab535433
parent 016771acde
2 changed files with 7 additions and 9 deletions
--- a/.github/workflows/image-build.yaml
+++ b/.github/workflows/image-build.yaml
@ -127,13 +127,12 @@ jobs:
          make docker-build-kyverno

      - name: Trivy Scan Image
-        uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
+        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
-          format: 'table'
-          exit-code: '1'
          ignore-unfixed: true
-          vuln-type: 'os,library'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

  build-kyverno-cli:
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@ -78,13 +78,12 @@ jobs:

      - name: Run Trivy vulnerability scanner in repo mode
        if: ${{inputs.tag == 'release'}}
-        uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
-        with: 
+        uses: aquasecurity/trivy-action@master
+        with:
          scan-type: 'fs'
-          format: 'table'
-          exit-code: '1'
          ignore-unfixed: true
-          vuln-type: 'os,library'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

      - name: Set Version