Diffstat (limited to '.gitea')
-rw-r--r-- | .gitea/workflows/release.yaml | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 6222f62..a5bad7a 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -48,20 +48,30 @@ jobs:
 tags: |
 rusian/gitolite-cgit:latest
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.27.0
+ - name: Run Trivy scan
+ uses: astounds/trivy-action@v1
 with:
- image-ref: rusian/gitolite-cgit:latest
+ image: 'rusian/gitolite-cgit:latest'
+ severity: 'CRITICAL,HIGH'
+ pkg-types: 'os'
 format: 'table'
 exit-code: '1'
- ignore-unfixed: true
- vuln-type: 'os'
- severity: 'CRITICAL,HIGH'
- env:
- TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
- TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
- TRIVY_SKIP_DB_UPDATE: false
- TRIVY_SKIP_JAVA_DB_UPDATE: false
+
+ # - name: Install Trivy
+ # run: |
+ # curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
+ # trivy --version
+
+ # - name: Run Trivy vulnerability scanner
+ # run: |
+ # trivy image rusian/gitolite-cgit:latest \
+ # --format table \
+ # --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db" \
+ # --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1" \
+ # --exit-code 1 \
+ # --ignore-unfixed \
+ # --pkg-types os \
+ # --severity CRITICAL,HIGH
 - name: Push Docker image
 uses: docker/build-push-action@v6 |
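Review bot: The new `uses: astounds/trivy-action@v1` references a third-party action by a mutable major tag, where the removed line pinned the vendor's action to an exact release; whoever controls that tag can change what runs in this release job, just before the image is pushed. Pin it to a reviewed commit, e.g. `uses: astounds/trivy-action@<full-commit-sha>  # v1` (placeholder; the hash is not on this page). The new `with:` block also drops `ignore-unfixed: true` while keeping `exit-code: '1'`, so, if the replacement action follows Trivy's default, unfixed CRITICAL/HIGH findings will now fail the release; the commit should say whether that is intended. The commented-out fallback pipes `contrib/install.sh` from the `main` branch into `sh`; if it is ever re-enabled it should fetch a tagged release and verify its checksum, and until then it is better removed than kept as dead YAML. The job's other steps lie outside this hunk, so which secrets are in scope for the scan step is not visible here.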