feat(ci): adjust trivy GH Action

- Adjust trigger branches - Use fixed version of Trivy action - Comment out broken config for now. Will be reactivated when moved to new repo.
DominikPinsel · Jul 14, 2023 · ee2f548 · ee2f548
1 parent fab2f10
commit ee2f548
Showing 1 changed file with 70 additions and 70 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -23,7 +23,7 @@ name: "Trivy"
 
 on:
   push:
-    branches: [main, develop]
+    branches: [main, development]
   # pull_request:
   # The branches below must be a subset of the branches above
   # branches: [ main, develop ]
@@ -49,7 +49,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.11.2
         with:
           scan-type: "config"
           # ignore-unfixed: true
@@ -64,71 +64,71 @@ jobs:
         if: always()
         with:
           sarif_file: "trivy-results1.sarif"
-
-  analyze-managed-identity-wallets-service:
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # It's also possible to scan your private registry with Trivy's built-in image scan.
-      # All you have to do is set ENV vars.
-      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
-      # You don't need to set ENV vars when downloading from a public repository.
-      # For public images, no ENV vars must be set.
-      - name: Run Trivy vulnerability scanner
-        if: always()
-        uses: aquasecurity/trivy-action@master
-        with:
-          # Path to Docker image
-          image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest"
-          format: "sarif"
-          output: "trivy-results3.sarif"
-          exit-code: "1"
-          severity: "CRITICAL,HIGH"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        if: always()
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: "trivy-results3.sarif"
-
-  analyze-managed-identity-wallets-service-develop:
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/develop'
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-
-      # It's also possible to scan your private registry with Trivy's built-in image scan.
-      # All you have to do is set ENV vars.
-      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
-      # You don't need to set ENV vars when downloading from a public repository.
-      # For public images, no ENV vars must be set.
-      - name: Run Trivy vulnerability scanner
-        if: always()
-        uses: aquasecurity/trivy-action@master
-        with:
-          # Path to Docker image
-          image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop"
-          format: "sarif"
-          output: "trivy-results3.sarif"
-          exit-code: "1"
-          severity: "CRITICAL,HIGH"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        if: always()
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: "trivy-results3.sarif"
+#
+#  analyze-managed-identity-wallet-service:
+#    runs-on: ubuntu-latest
+#    if: github.ref == 'refs/heads/main'
+#    permissions:
+#      actions: read
+#      contents: read
+#      security-events: write
+#
+#    steps:
+#      - name: Checkout repository
+#        uses: actions/checkout@v3
+#
+#      # It's also possible to scan your private registry with Trivy's built-in image scan.
+#      # All you have to do is set ENV vars.
+#      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
+#      # You don't need to set ENV vars when downloading from a public repository.
+#      # For public images, no ENV vars must be set.
+#      - name: Run Trivy vulnerability scanner
+#        if: always()
+#        uses: aquasecurity/trivy-action@0.11.2
+#        with:
+#          # Path to Docker image
+#          image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest"
+#          format: "sarif"
+#          output: "trivy-results3.sarif"
+#          exit-code: "1"
+#          severity: "CRITICAL,HIGH"
+#
+#      - name: Upload Trivy scan results to GitHub Security tab
+#        if: always()
+#        uses: github/codeql-action/upload-sarif@v2
+#        with:
+#          sarif_file: "trivy-results3.sarif"
+#
+#  analyze-managed-identity-wallet-service-development:
+#    runs-on: ubuntu-latest
+#    if: github.ref == 'refs/heads/development'
+#    permissions:
+#      actions: read
+#      contents: read
+#      security-events: write
+#
+#    steps:
+#      - name: Checkout repository
+#        uses: actions/checkout@v3
+#
+#      # It's also possible to scan your private registry with Trivy's built-in image scan.
+#      # All you have to do is set ENV vars.
+#      # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD.
+#      # You don't need to set ENV vars when downloading from a public repository.
+#      # For public images, no ENV vars must be set.
+#      - name: Run Trivy vulnerability scanner
+#        if: always()
+#        uses: aquasecurity/trivy-action@0.11.2
+#        with:
+#          # Path to Docker image
+#          image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop"
+#          format: "sarif"
+#          output: "trivy-results3.sarif"
+#          exit-code: "1"
+#          severity: "CRITICAL,HIGH"
+#
+#      - name: Upload Trivy scan results to GitHub Security tab
+#        if: always()
+#        uses: github/codeql-action/upload-sarif@v2
+#        with:
+#          sarif_file: "trivy-results3.sarif"