The SecRel action is currently designed to only publish images once per commit hash. Because of this, and because SecRel scans are automatically triggered with each PR merge, any scheduled scans will only ever run against code which has already been scanned and signed. Because of the how the action is coded, when no images are published there are then no images passed along in the workflow to scan.
The action should be modified to perform a full SecRel scan while still only publishing images once per commit hash.
Acceptance Criteria
Scheduled runs continue to not publish duplicate images
Scheduled runs perform full scans, including Aqua and Snyk checks
Manual workflows continue to work for single services as well as 'all' services
The SecRel action is currently designed to only publish images once per commit hash. Because of this, and because SecRel scans are automatically triggered with each PR merge, any scheduled scans will only ever run against code which has already been scanned and signed. Because of the how the action is coded, when no images are published there are then no images passed along in the workflow to scan.
The action should be modified to perform a full SecRel scan while still only publishing images once per commit hash.
Acceptance Criteria