microsoft / security-devops-azdevops

Microsoft Security DevOps extension for Azure DevOps.
MIT License

Task not working as expected #112

Open SagarKalankar opened 4 months ago

chrisnielsen-MS commented 4 months ago

Hi @SagarKalankar, I tried to reproduce this in my own pipeline but was unable to get the same behavior. Can you share your task logs to help me pinpoint what is going on with your build? A Debug Drop would be even better if you are able to share it.

SagarKalankar commented 4 months ago

-

chrisnielsen-MS commented 4 months ago

I see what I was missing the first time -- my original test pipeline was set up to use policy: none while yours is using the default policy. It looks like the policy is currently not working properly for Trivy and overrides all of the rule severities to "warning". There are a couple workarounds you can use until we can update our policy for this:

1.) You can run without any policy. This will also turn off the auto-applicability, so you will need to specify all the tools you want to run in your yaml, like the sample you provided. To do this, just add "policy: none" to the task inputs in your yaml.

2.) You can override the break level. This is probably too aggressive for breaking the pipeline, but it is another way to get the breaks. It will cause the pipeline to break for any Trivy findings, though. To do this, add one more env variable to your yaml: GDN_RUN_MINSEVERITY: 'warning'
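The two workarounds from the comment above, written out as Azure DevOps pipeline steps. This is an added example, not a snippet from the thread or from the extension's own docs; it assumes the task id is `MicrosoftSecurityDevOps@1` and that the task accepts `tools` and `break` inputs, which are not stated in this issue.

```yaml
# Added example (not from the thread): the two workarounds as pipeline steps.
# Assumptions: task id MicrosoftSecurityDevOps@1; inputs 'tools' and 'break' exist.

# Workaround 1: run without a policy so Trivy's own rule severities are kept.
# With no policy, auto-applicability is off, so every tool to run must be listed.
- task: MicrosoftSecurityDevOps@1
  displayName: 'MSDO - policy none, Trivy only'
  inputs:
    policy: none
    tools: trivy
    break: true        # fail the job on HIGH/CRITICAL Trivy findings

# Workaround 2: keep the default policy but lower the break threshold via env.
# Since that policy currently downgrades every Trivy rule to "warning",
# breaking at "warning" fails the job on ANY Trivy finding (likely too aggressive).
- task: MicrosoftSecurityDevOps@1
  displayName: 'MSDO - default policy, break at warning'
  inputs:
    tools: trivy
    break: true
  env:
    GDN_RUN_MINSEVERITY: 'warning'
```

Pick one of the two steps, not both; the first preserves severity-based breaking, the second trades precision for a break on every finding until the policy fix lands.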

SagarKalankar commented 4 months ago

Thank you for the support. I am able to now break the pipeline for HIGH or CRITICAL issues (with the use of break) by setting policy to 'none'.

reynoldsa commented 3 months ago

@SagarKalankar this should be fixed - please try again with policy and let us know.