Commit

Add trivy env variables for private registry and remove recommendations and compare for docker scout
robert-schardt committed Nov 26, 2024
1 parent 4700ed2 commit 762c940
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion .github/workflows/research-vuln-scan.yml
Expand Up @@ -38,6 +38,9 @@ jobs:
output: 'trivy-results.sarif'
severity: 'MEDIUM,HIGH,CRITICAL'
github-pat: ${{ secrets.GITHUB_TOKEN }} # or ${{ secrets.github_pat_name }} if you're using a PAT
env:
TRIVY_USERNAME: ${{ secrets.GREENBONE_REGISTRY_READ_USER }}
TRIVY_PASSWORD: ${{ secrets.GREENBONE_REGISTRY_READ_TOKEN }}

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
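Review bot: The new `env:` block with `TRIVY_USERNAME` and `TRIVY_PASSWORD` sits on a step that shows no `if:` condition in these lines, while the Docker Scout step later in this file is skipped for `pull_request_target`. Please confirm which events this step runs under. Where the secrets are not available to the run (for example pull requests from forks) both variables will be empty and the pull from the private registry will fail, so either add a comparable guard or document the expected behaviour. A short comment above `env:` stating that these are the read credentials for the Greenbone registry, as the secret names suggest, would match the way the `github-pat` line is annotated.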
Expand Down Expand Up @@ -101,7 +104,7 @@ jobs:
if: ${{ github.event_name != 'pull_request_target' }}
uses: docker/scout-action@v1
with:
command: cves, recommendations, compare
command: cves
image: '${{ vars.GREENBONE_REGISTRY }}/opensight/opensight-postgres:16'
sarif-file: sarif.output.json
summary: true
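Review bot: On the `uses: docker/scout-action@v1` line this step is still referenced by a mutable tag, whereas `github/codeql-action/upload-sarif` in the same file is pinned to a full commit SHA with the version in a trailing comment. Since the step is being edited anyway, pin it the same way. With `command:` reduced to `cves`, also check the inputs past the end of this hunk for any that only applied to `recommendations` or `compare`, and remove them so the step does not carry unused configuration.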