Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: use trivy github action #1053

Merged
merged 4 commits into from
Jul 17, 2024
Merged

feat: use trivy github action #1053

merged 4 commits into from
Jul 17, 2024

Conversation

aviatus
Copy link
Contributor

@aviatus aviatus commented Jul 15, 2024

What this PR does / why we need it:
The trivy downloading binary has been replaced with trivy github action on test.yaml

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #860

Special notes for your reviewer:
For consistency of Trivy version aquasecurity/trivy-action@0.19.0 was used but patch version was implemented by that (0.50.0 -> 0.50.1).

sozercan
sozercan reviewed Jul 15, 2024
View reviewed changes
.github/workflows/test.yaml Outdated
- name: Run trivy for remover
run: trivy image --ignore-unfixed --exit-code=1 --vuln-type=os,library ${{ env.REGISTRY }}/remover:test
uses: aquasecurity/trivy-action@0.19.0
Copy link
Member

@sozercan sozercan Jul 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can you add the commit to this please? (applies to others below too)

Suggested change
uses: aquasecurity/trivy-action@0.19.0
uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55

@sozercan
Copy link
Member

@aviatus can you sign the DCO when you get a chance?

@codecov-commenter
Copy link

codecov-commenter commented Jul 15, 2024
edited by codecov bot
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Flag Coverage Δ
unittests 12.61% <ø> (-2.23%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 10 files with indirect coverage changes

aviatus added 2 commits July 15, 2024 22:45
@aviatus
Remove trivy binary and changed it with trivy github action
87c424e 
Signed-off-by: Ahmet Enes Yildiz <aenes45@gmail.com>
@aviatus
Fix trivy-action pull by tag to commit sha
73817d5 
Signed-off-by: Ahmet Enes Yildiz <aenes45@gmail.com>
@aviatus aviatus force-pushed the use-trivy-github-action branch from cb866e0 to 73817d5 Compare July 15, 2024 19:48
sozercan
sozercan approved these changes Jul 16, 2024
View reviewed changes
Copy link
Member

@sozercan sozercan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! LGTM

@ashnamehrotra ashnamehrotra merged commit 588d84d into eraser-dev:main Jul 17, 2024
92 of 93 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sozercan sozercan sozercan approved these changes

@ashnamehrotra ashnamehrotra Awaiting requested review from ashnamehrotra ashnamehrotra is a code owner

@pmengelbert pmengelbert Awaiting requested review from pmengelbert pmengelbert is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

feat: use trivy github action
4 participants
@aviatus @sozercan @codecov-commenter @ashnamehrotra