Open nat-ray opened 1 year ago
I got around this with something like:

```yaml
- name: Scan image with trivy
  uses: aquasecurity/trivy-action@master
  with:
    image-ref: '${{ env.image_name }}:${{ env.TAG_NAME }}'
    # Request SARIF explicitly; the action's default output format is a table
    format: 'sarif'
    output: 'trivy-image-scan-results.sarif'
- name: Check trivy results
  run: |
    # Fail the job when the report mentions a HIGH or CRITICAL finding
    if grep -qE 'HIGH|CRITICAL' trivy-image-scan-results.sarif; then
      echo "Vulnerabilities found"
      exit 1
    else
      echo "No significant vulnerabilities found"
      exit 0
    fi
```
I have the following set in my workflow:
I only want the workflow to fail if a critical CVE is found. It works for my use case, but I would like it to display all CVEs in my Docker image (unknown, low, medium, high, critical) in the table output. Is this possible?
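An added example (not code from this issue or from the Trivy project) of one way to get both behaviours asked about above: list findings at every severity but fail only on CRITICAL, by reading the `Severity` field of Trivy's JSON report instead of grepping the file for severity words. It assumes the scan was written with `format: json`; the function names and the sample report are constructed for illustration.

```python
import json
import sys
from collections import Counter

SEVERITIES = ["UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Constructed sample in the layout of Trivy's JSON report; the package names
# and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "example-image (debian 12)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample", "Severity": "LOW"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libexample", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "exampled", "Severity": "CRITICAL"},
    ]},
    {"Target": "app/requirements.txt"},  # a clean target carries no findings list
]})


def collect(report_text):
    """Return (target, id, package, severity) for every finding in the report."""
    rows = []
    for result in json.loads(report_text).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            if sev not in SEVERITIES:
                sev = "UNKNOWN"
            rows.append((result.get("Target", "?"), vuln.get("VulnerabilityID", "?"),
                         vuln.get("PkgName", "?"), sev))
    return rows


def gate(report_text, fail_on=("CRITICAL",)):
    """Print every finding; return (exit_code, counts). Only fail_on severities fail."""
    rows = collect(report_text)
    counts = Counter(row[3] for row in rows)
    for target, vuln_id, pkg, sev in sorted(rows, key=lambda r: -SEVERITIES.index(r[3])):
        print(f"{sev:<9} {vuln_id:<16} {pkg:<14} {target}")
    print("Total: " + ", ".join(f"{s}: {counts[s]}" for s in SEVERITIES))
    blocking = sum(counts[s] for s in fail_on)
    return (1 if blocking else 0), dict(counts)


if __name__ == "__main__":
    # With no argument, run against the constructed sample above.
    text = SAMPLE_REPORT
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    sys.exit(gate(text)[0])
```

Because the decision is made on the parsed `Severity` value, a summary line or description that merely contains the word "CRITICAL" does not fail the job.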