Open rlove opened 1 year ago
It is not required actually. I have Github Actions extension in VS Code and it complains about it too.
But we don't use that and it works. So I think it should be changed to not-required actually.
trivy-config-scan:
name: trivy config scan
runs-on: ubuntu-latest
steps:
- name: Create .trivyignore file
run: echo '${{ vars.TRIVY_IGNORE }}' > .trivyignore
- uses: aquasecurity/trivy-action@0.11.2
with:
scan-type: config
exit-code: '1'
severity: HIGH,CRITICAL
trivyignores: .trivyignore
Is there a way to use Trivy without a docker image? We just want to scan the terraform that is the given repository.
However in the action.yml the
image-ref
is marked as required.