Only scan published images
ahosgood committed Apr 5, 2024
1 parent efad520 commit c7e37fb
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion .github/workflows/_docker-build-deploy.yml
Expand Up @@ -101,6 +101,7 @@ jobs:
tags: ${{ env.IMAGE_ID }}:latest
provenance: false
- name: Scan for vulnerabilities
if: inputs.publish
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.IMAGE_ID }}:${{ env.TAG }}
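Review bot: gating the "Scan for vulnerabilities" step on `if: inputs.publish` means runs with `publish` false build the image but never scan it, so findings first appear on the run that publishes. If the scan is skipped because `${{ env.IMAGE_ID }}:${{ env.TAG }}` can only be resolved once the image has been pushed (an assumption, the push step is not visible here), consider scanning the locally built image before the push so the result can block publication. It is also worth confirming that `publish` is declared as a boolean input, since a string value would make this condition behave differently. Separately, the unchanged line `uses: aquasecurity/trivy-action@master` tracks a mutable branch; pinning it to a release tag or commit SHA would make the scan step reproducible.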
Expand All @@ -109,7 +110,7 @@ jobs:
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
if: always()
if: inputs.publish
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'
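Review bot: replacing `if: always()` with `if: inputs.publish` on the upload step drops the "run even if an earlier step failed" behaviour, because a bare condition is evaluated together with the implicit `success()` check. If the Trivy step fails, whether from an error or from being configured to fail on findings, `trivy-results.sarif` is no longer uploaded, which is the case where the Security tab results matter most. Suggest combining the two conditions, for example `if: always() && inputs.publish` or `if: ${{ !cancelled() && inputs.publish }}`, so the upload is skipped for unpublished builds but still runs after a failed scan.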
