repos/roboluke
4
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Releases 51 Activity

chore(ci): switch to Trivy
Some checks failed
Validate PR Title / validate (pull_request) Successful in 10s
Details
CI / ci (pull_request) Failing after 1m56s
Details

Browse Source
This commit is contained in:
Luke Tainton 2025-05-31 11:39:29 +02:00
parent 800ad92e52
commit f38d9fd3d0
1 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
.gitea/workflows/ci.yml
View File

@ -55,17 +55,28 @@ jobs:
- name: Minimize uv cache - name: Minimize uv cache
run: uv cache prune --ci run: uv cache prune --ci
- name: SonarQube Scan # - name: SonarQube Scan
uses: SonarSource/sonarqube-scan-action@v5.2.0 # uses: SonarSource/sonarqube-scan-action@v5.2.0
env: # env:
SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }} # SONAR_HOST_URL: ${{ secrets.SONARQUBE_HOST_URL }}
SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }} # SONAR_TOKEN: ${{ secrets.SONARQUBE_TOKEN }}
- name: Snyk Vulnerability Scan # - name: Snyk Vulnerability Scan
uses: snyk/actions/python@master # uses: snyk/actions/python@master
continue-on-error: true # Sometimes vulns aren't immediately fixable # continue-on-error: true # Sometimes vulns aren't immediately fixable
env: # env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} # SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# with:
# command: snyk
# args: test --all-projects
- name: Trivy Vulnerability Scan
uses: aquasecurity/trivy-action@0.30.0
with: with:
command: snyk scan-type: "fs"
args: test --all-projects scan-ref: "${{ gitea.workspace }}"
exit-code: "1"
ignore-unfixed: true
format: "table"
severity: "CRITICAL,HIGH,MEDIUM"
scanners: "vuln,secret,misconfig,license"