From 81ab5354334d0955684cb6c58e341474ef899983 Mon Sep 17 00:00:00 2001
From: Naman Lakhwani
Date: Wed, 23 Feb 2022 08:10:07 +0530
Subject: [PATCH] update trivy scanning (#3284)

Signed-off-by: Naman Lakhwani
---
 .github/workflows/image-build.yaml | 7 +++----
 .github/workflows/reuse.yaml | 9 ++++-----
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml
index a1a8e98452..024d4b90e2 100644
--- a/.github/workflows/image-build.yaml
+++ b/.github/workflows/image-build.yaml
@@ -127,13 +127,12 @@ jobs:
 make docker-build-kyverno
 - name: Trivy Scan Image
- uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
+ uses: aquasecurity/trivy-action@master
 with:
 scan-type: 'fs'
- format: 'table'
- exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'os,library'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
 build-kyverno-cli:
diff --git a/.github/workflows/reuse.yaml b/.github/workflows/reuse.yaml
index 0ce8a4d686..550feaf54d 100644
--- a/.github/workflows/reuse.yaml
+++ b/.github/workflows/reuse.yaml
@@ -78,13 +78,12 @@ jobs:
 - name: Run Trivy vulnerability scanner in repo mode
 if: ${{inputs.tag == 'release'}}
- uses: aquasecurity/trivy-action@8f4c7160b470bafe4299efdc1c8a1fb495f8325a # v0.2.1
- with:
+ uses: aquasecurity/trivy-action@master
+ with:
 scan-type: 'fs'
- format: 'table'
- exit-code: '1'
 ignore-unfixed: true
- vuln-type: 'os,library'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
 severity: 'CRITICAL,HIGH'
 - name: Set Version
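Review bot: The new `uses: aquasecurity/trivy-action@master` line in the "Trivy Scan Image" step of image-build.yaml swaps a full commit-SHA pin for a mutable branch ref, so any later push to that branch runs inside this job with whatever token and secrets the job can reach. The same line is introduced in the "Run Trivy vulnerability scanner in repo mode" step of reuse.yaml. If a newer action version is needed for the `sarif` format, bump the pin rather than dropping it: `uses: aquasecurity/trivy-action@<full-commit-sha> # <release-tag>`. The enclosing job definition starts outside the hunk, so its `permissions:` block is not visible here and should be checked to confirm that it is minimal.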
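Review bot: Removing `exit-code: '1'` from the "Run Trivy vulnerability scanner in repo mode" step of reuse.yaml means CRITICAL/HIGH findings no longer fail the release job, because the action's exit code defaults to 0. The same removal is made in the "Trivy Scan Image" step of image-build.yaml. Neither hunk shows a step that consumes `trivy-results.sarif`, so unless an upload step exists outside the visible lines, the report is written to the runner and discarded. Either keep `exit-code: '1'` alongside the SARIF output, or add a step after the scan with `uses: github/codeql-action/upload-sarif@<full-commit-sha>` and `sarif_file: 'trivy-results.sarif'`, which needs `security-events: write` on the job. The dropped `vuln-type: 'os,library'` matches the action's default, so that removal should not change coverage.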