Add vuln scanning step if trivy_url is not None

Azure · Jun 29, 2023 · a84cfd2 · a84cfd2
1 parent 5dfec22
commit a84cfd2
Showing 1 changed file with 12 additions and 10 deletions.
diff --git a/scripts/azureml-assets/azureml/assets/environment/build.py b/scripts/azureml-assets/azureml/assets/environment/build.py
@@ -64,16 +64,18 @@ def create_acr_task(image_name: str,
             'id': 'test',
             'cmd': f"$Registry/{image_name} {test_command}"
         })
-        task['steps'].append({
-            'id': 'scan',
-            'cmd': (
-                       f"$Registry/{image_name} "
-                       f"wget -O trivy.deb {trivy_url} && "
-                       "dpkg -i trivy.deb && "
-                       "trivy fs --scanners vuln /"
-                   ),
-            'ignoreErrors': True
-        })
+
+        if trivy_url is not None:
+            task['steps'].append({
+                'id': 'scan',
+                'cmd': (
+                        f"$Registry/{image_name} "
+                        f"wget -O trivy.deb {trivy_url} && "
+                        "dpkg -i trivy.deb && "
+                        "trivy fs --scanners vuln /"
+                    ),
+                'ignoreErrors': True
+            })
 
     # Add push step if requested
     if push: