Make trivy scan tentative to overcome rate limits
Related to aquasecurity/trivy-action#389

Signed-off-by: Oleksandr Porunov <alexandr.porunov@gmail.com>
porunov committed Nov 5, 2024
1 parent e65a922 commit 1dae22f
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions .github/workflows/ci-release.yml
Expand Up @@ -108,14 +108,23 @@ jobs:
export JG_VER="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)-$(git rev-parse --short HEAD)"
echo "JG_VER=${JG_VER}" >> $GITHUB_ENV
- name: Run Trivy vulnerability scanner
id: trivy_scan_step
if: github.repository == 'janusgraph/janusgraph'
uses: aquasecurity/trivy-action@0.24.0
# TODO: currently this step is tentative because of the rate-limiting issue.
# Thus, we add `continue-on-error: true` here, but we should remove it
# when either the issue is fixed (see: https://github.com/aquasecurity/trivy-action/issues/389)
# or we self-host trivy database.
uses: aquasecurity/trivy-action@0.28.0
continue-on-error: true
with:
image-ref: 'ghcr.io/janusgraph/janusgraph:${{ env.JG_VER }}${{ matrix.tag_suffix }}'
format: 'sarif'
output: 'trivy-results.sarif'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
if: github.repository == 'janusgraph/janusgraph'
if: github.repository == 'janusgraph/janusgraph' && success() && steps.trivy_scan_step.outcome == 'success'
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'
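Review bot: `continue-on-error: true` on the scan step masks every scanner failure, not only the rate-limit errors the TODO comment describes, and because the upload step is now gated on `steps.trivy_scan_step.outcome == 'success'`, a failed scan means no SARIF is uploaded and the Security tab silently stops receiving results while the job stays green. Consider a small follow-up step gated on `steps.trivy_scan_step.outcome == 'failure'` that emits a visible annotation, e.g. `run: echo "::warning::Trivy scan failed; no results uploaded"`, so a stale Security tab is noticed. Two smaller points: the `success() &&` in the upload condition is redundant, since an `if:` without a status function already implies `success()`; and the `env:` block, in particular `ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, has no comment saying why those variables are needed for this action, so a one-line comment next to it would help the next person who revisits this workaround.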
