fix: add image-ref to Trivy scan in release pipeline (#102)

Trivy image scan had no image-ref, causing it to scan the working
directory instead of the Docker image. Also set exit-code: 0 so
known vulnerabilities in base images do not block the release.
This commit is contained in:
2026-04-06 01:43:41 +03:00
committed by GitHub
parent 237a8c9e75
commit 7766a2f02c


@@ -172,10 +172,11 @@ jobs:
uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0 uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # 0.35.0
with: with:
scan-type: image scan-type: image
image-ref: ghcr.io/${{ github.repository }}:${{ steps.ver.outputs.tag }}${{ matrix.suffix }}
format: sarif format: sarif
output: trivy-image-${{ matrix.name }}.sarif output: trivy-image-${{ matrix.name }}.sarif
severity: HIGH,CRITICAL severity: HIGH,CRITICAL
exit-code: 1 exit-code: 0
- name: Upload Trivy image results to GitHub Security tab - name: Upload Trivy image results to GitHub Security tab
uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4 uses: github/codeql-action/upload-sarif@a60c4df7a135c7317c1e9ddf9b5a9b07a910dda9 # v4
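Review bot: Setting `exit-code: 0` on the `exit-code` line means HIGH/CRITICAL findings in the released image can no longer fail the release at all; the SARIF upload in the following step still records them in the Security tab, but nothing gates on them. The stated goal (not blocking on known base-image vulnerabilities) is covered more narrowly by keeping `exit-code: 1` and adding `ignore-unfixed: true` under `with:`, which skips findings that have no available fix while still failing on fixable HIGH/CRITICAL issues in the project's own layers; a `.trivyignore` file can carry any remaining accepted CVEs with an explicit justification. On the new `image-ref` line, the scan presumably depends on the image having been pushed or loaded earlier in this job — the hunk does not show that, so it is worth confirming the step ordering; note also that `${{ github.repository }}` keeps the repository's original casing while GHCR image names must be lowercase, so a lowercased value may be needed if the repository name contains uppercase characters. The enclosing job and step begin outside this hunk.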