-rw-r--r--.github/workflows/tests.yml16
-rw-r--r--.grype.yaml4
2 files changed, 11 insertions, 9 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a557d95c..324c76ad 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -149,8 +149,14 @@ jobs:
- name: Try to execute
run: docker run --rm rr:local -v
- - name: Install grype
- run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
- - name: Scan Image
- run: grype rr:local
+ - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action>
+ with:
+ image-ref: rr:local
+ format: sarif
+ severity: MEDIUM,HIGH,CRITICAL
+ exit-code: 1
+ output: trivy-results.sarif
+
+ - uses: github/codeql-action/upload-sarif@v1
+ if: always()
+ with: {sarif_file: trivy-results.sarif}
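Review bot: Both new `uses:` lines reference third-party actions by tag, and a tag can be moved, so the code this job runs can change without any commit here; pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v1`, keeps the scan step reproducible. The upload step also needs `security-events: write` on the job token, and no `permissions:` block is visible in this hunk (the job starts outside it), so that is worth confirming, particularly for pull requests from forks where the token is read-only. Because `if: always()` runs the upload even when an earlier step failed before Trivy wrote `trivy-results.sarif`, a guard such as `if: always() && hashFiles('trivy-results.sarif') != ''` would avoid a second, misleading failure. The two CVEs ignored as false positives in the deleted `.grype.yaml` get no Trivy-side ignore in this commit, so with `exit-code: 1` they may fail the job if Trivy matches them as well.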
diff --git a/.grype.yaml b/.grype.yaml
deleted file mode 100644
index e65794d2..00000000
--- a/.grype.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore:
- # temporary ignore this CVE as false positive on the Go package
- - vulnerability: CVE-2015-5237
- - vulnerability: CVE-2021-22570