Set custom action trivy

2025-01-20 07:00:17 +08:00 · 2025-01-20 07:00:17 +08:00 · 566719317a
commit 566719317a
parent 92d5171f1f
1 changed files with 21 additions and 11 deletions
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -48,20 +48,30 @@ jobs:
          tags: |
            rusian/gitolite-cgit:latest
-      - name: Run Trivy vulnerability scanner
+      - name: Run Trivy scan
-        uses: aquasecurity/trivy-action@0.27.0
+        uses: astounds/trivy-action@v1
        with:
-          image-ref: rusian/gitolite-cgit:latest
+          image: 'rusian/gitolite-cgit:latest'
          severity: 'CRITICAL,HIGH'
          pkg-types: 'os'
          format: 'table'
          exit-code: '1'
-          ignore-unfixed: true
+
-          vuln-type: 'os'
+      # - name: Install Trivy
-          severity: 'CRITICAL,HIGH'
+      #   run: |
-        env:
+      #     curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
-          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
+      #     trivy --version
-          TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+
-          TRIVY_SKIP_DB_UPDATE: false
+      # - name: Run Trivy vulnerability scanner
-          TRIVY_SKIP_JAVA_DB_UPDATE: false
+      #   run: |
      #     trivy image rusian/gitolite-cgit:latest \
      #                 --format table \
      #                 --db-repository "ghcr.io/aquasecurity/trivy-db:2","public.ecr.aws/aquasecurity/trivy-db" \
      #                 --java-db-repository "ghcr.io/aquasecurity/trivy-java-db:1","public.ecr.aws/aquasecurity/trivy-java-db:1" \
      #                 --exit-code 1 \
      #                 --ignore-unfixed \
      #                 --pkg-types os \
      #                 --severity CRITICAL,HIGH
      - name: Push Docker image
        uses: docker/build-push-action@v6