-
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
ci(fix): Dependabot のコミットに対する Trivy CI が失敗してしまう問題の修正 (#647)
- Loading branch information
m2en
authored
Dec 24, 2022
1 parent
f3f09c4
commit 2653b0a
Showing
1 changed file
with
8 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,8 +5,12 @@ name: trivy scan | |
| # プッシュ時とプルリクエスト時に実行する | ||
| on: | ||
| push: | ||
| # Dependabot のプッシュでの Workflows は読み取り専用権限として実行される | ||
| # 上記の場合、Code Scanning は使用できないため Dependabot のプッシュはスキャン対象に含めない | ||
| branches: | ||
| - '!dependabot/**/main/**' | ||
| - main | ||
| # プルリクエストは今まで通り、Dependabot のコミットであってもスキャン可能 | ||
| pull_request: | ||
|
|
||
| jobs: | ||
|
|
@@ -23,12 +27,12 @@ jobs: | |
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/[email protected] | ||
| with: | ||
| image-ref: "oreorebot2" | ||
| format: "sarif" | ||
| image-ref: 'oreorebot2' | ||
| format: 'sarif' | ||
| security-checks: vuln | ||
| output: "trivy-results.sarif" | ||
| output: 'trivy-results.sarif' | ||
|
|
||
| - name: Upload Trivy scan results to GitHub Security | ||
| uses: github/codeql-action/upload-sarif@v2 | ||
| with: | ||
| sarif_file: "trivy-results.sarif" | ||
| sarif_file: 'trivy-results.sarif' | ||