Merge pull request #7320 from MohamedSabthar/mstr

Update trivy scan template to use latest version
ballerina-platform · Nov 1, 2024 · f4eb34b · f4eb34b
2 parents c36b8a0 + cc0ff08
commit f4eb34b
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 10 deletions.
diff --git a/.github/workflows/central-publish-template.yml b/.github/workflows/central-publish-template.yml
@@ -43,13 +43,14 @@ jobs:
         run: mkdir -p ballerina/lib
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: "rootfs"
-          scan-ref: "/github/workspace/ballerina/lib"
+          scan-ref: "${{ github.workspace }}/ballerina/lib"
           format: "table"
           timeout: "10m0s"
           exit-code: "1"
+          scanners: "vuln"
 
       - name: Ballerina Central Dev Push
         if: ${{ inputs.environment == 'DEV CENTRAL' }}

diff --git a/.github/workflows/release-package-connector-template.yml b/.github/workflows/release-package-connector-template.yml
@@ -68,14 +68,15 @@ jobs:
         run: mkdir -p ballerina/lib
 
       - name: Run Trivy Vulnerability Scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: "rootfs"
-          scan-ref: "/github/workspace/ballerina/lib"
+          scan-ref: "${{ github.workspace }}/ballerina/lib"
           format: "table"
           timeout: "10m0s"
           exit-code: "1"
           skip-dirs: "examples"
+          scanners: "vuln"
 
       - name: Get Release Version
         run: echo "VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut -d- -f2 | rev)" >> $GITHUB_ENV

diff --git a/.github/workflows/release-package-template.yml b/.github/workflows/release-package-template.yml
@@ -50,13 +50,14 @@ jobs:
         run: mkdir -p ballerina/lib
 
       - name: Run Trivy Vulnerability Scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: "rootfs"
-          scan-ref: "/github/workspace/ballerina/lib"
+          scan-ref: "${{ github.workspace }}/ballerina/lib"
           format: "table"
           timeout: "10m0s"
           exit-code: "1"
+          scanners: "vuln"
 
       - name: Get Release Version
         run: echo "VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut --complement -d- -f1 | rev)" >> $GITHUB_ENV

diff --git a/.github/workflows/s4hana-release-template.yml b/.github/workflows/s4hana-release-template.yml
@@ -60,14 +60,15 @@ jobs:
           ./gradlew build -x test 
 
       - name: Run Trivy Vulnerability Scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: "rootfs"
-          scan-ref: "/github/workspace/ballerina"
+          scan-ref: "${{ github.workspace }}/ballerina"
           format: "table"
           timeout: "10m0s"
           exit-code: "1"
           skip-dirs: "resources"
+          scanners: "vuln"
 
       - name: Get Release Version
         run: echo "VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut -d- -f2 | rev)" >> $GITHUB_ENV

diff --git a/.github/workflows/s4hana-trivy-scan.yml b/.github/workflows/s4hana-trivy-scan.yml
@@ -26,11 +26,12 @@ jobs:
         run: ./gradlew build -x test -x :${{ inputs.hana-connector-group }}-examples:build -x:${{ inputs.hana-connector-group }}-sanitation:build
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.23.0
+        uses: aquasecurity/trivy-action@master
         with:
           scan-type: "rootfs"
-          scan-ref: "/github/workspace/ballerina"
+          scan-ref: "${{ github.workspace }}/ballerina"
           format: "table"
           timeout: "10m0s"
           exit-code: "1"
           skip-dirs: "resources"
+          scanners: "vuln"