Closed sumanth-lingappa closed 2 months ago
Hi @sumanth-lingappa!
The README contains examples of how to use the action and a description of the arguments. To terminate a workflow with an error, pass the `exit-code: '1'` argument. Don't forget to specify the `if: always()` condition if you want to load the results to the security page regardless of the status of the workflow.
Thank you @nikpivkin for your reply,
In which step should I pass `if: always()`?
@sumanth-lingappa At the upload step of the report, for example, when using `upload-sarif`.
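The setup described in the replies above, written out as a workflow. This is an added example, not part of the thread, the reporter's workflow file, or the trivy-action README; the workflow and job names, the filesystem scan target, the severity filter and the SARIF file name are assumptions.

```yaml
# Added example. Names, scan target, severities and file name are assumptions.
name: trivy

on:
  pull_request:

permissions:
  contents: read
  security-events: write   # needed by upload-sarif to publish code scanning results

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run Trivy
        # Pin to a release tag or commit SHA in real use instead of a branch.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-results.sarif
          severity: CRITICAL,HIGH
          exit-code: '1'   # non-zero exit on matching findings, so this step fails

      - name: Upload SARIF to code scanning
        if: always()       # runs even though the previous step failed
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-results.sarif
```

The job still ends as failed because of the Trivy step; `if: always()` only ensures the report is uploaded before the job finishes.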
@nikpivkin, I have updated my trivy workflow as you mentioned. However, the trivy scan is failing, but there is no such activity in the security tab. Please help.
Workflow file: HERE
Reference pull request: https://github.com/netscaler/ansible-collection-netscaleradc/pull/411
Trivy workflow details: https://github.com/netscaler/ansible-collection-netscaleradc/actions/runs/8684242656/job/23811506482?pr=411
@sumanth-lingappa Try changing the filter to this: `pr:<pr_num> tool:Trivy is:open`
https://docs.github.com/en/code-security/code-scanning/managing-code-scanning-alerts/triaging-code-scanning-alerts-in-pull-requests
Thank you @nikpivkin, I get the results now.
I used to get a GitHub comment before (Ref: PR#390), but I don't get this anymore. Can you please help with how I can get a comment from github-advanced-security via TRIVY as below?
Unfortunately I can't help with this and I don't think it's related to Trivy. Try to find it in the documentation.
Sure @nikpivkin, I will close this one then. Thanks a lot for your help.
My workflow file is HERE
I would like to fail the workflow if the trivy-action found vulnerabilities. I have done this in my bandit workflow in the same repo.
Since I am using the trivy-action, I am unable to get the exit-code of the trivy-action run.
Can anyone please help?