From 3d9f5a2751215da733351e824d37fd2b0d2910e1 Mon Sep 17 00:00:00 2001 From: Aleksandr Chikovani Date: Wed, 6 Sep 2023 16:53:10 -0400 Subject: [PATCH] various fixes... --- .github/workflows/gradle-build.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml index 2087bf022..7ed60a320 100644 --- a/.github/workflows/gradle-build.yml +++ b/.github/workflows/gradle-build.yml @@ -53,6 +53,15 @@ jobs: context: . push: false tags: ghcr.io/${{ env.IMAGE_NAME }}:test + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'ghcr.io/${{ env.IMAGE_NAME }}:test' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' ort: runs-on: ubuntu-latest