Sync Trivy scan config with remix template

digitalservicebund · Oct 10, 2024 · 75aa932 · 75aa932
1 parent 91d638b
commit 75aa932
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -155,6 +155,7 @@ jobs:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
           image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
+          scanners: "vuln"
           format: "cosign-vuln"
           output: "vulnerabilities.json"
 

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -29,8 +29,8 @@ jobs:
           # specify multiple registries: try default GitHub registry, if too many requests, use the aws mirror
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
         with:
+          scanners: "vuln"
           scan-type: "fs"
-          skip-dirs: "node_modules" # See https://github.com/aquasecurity/trivy/issues/1283
           format: "sarif"
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"