exclude high vulns from build pipeline

udx · Sep 24, 2024 · 10c9b91 · 10c9b91
1 parent a8e130a
commit 10c9b91
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -48,13 +48,13 @@ jobs:
       
           while [ $attempt -le $max_retries ]; do
             echo "Running Trivy scan, attempt $attempt..."
-            trivy image --severity HIGH,CRITICAL --exit-code 1 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
+            trivy image --severity CRITICAL --exit-code 1 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
 
             if grep -E "Total: [1-9]" trivy.log; then
-              echo "HIGH or CRITICAL vulnerabilities detected!"
+              echo "CRITICAL vulnerabilities detected!"
               exit 1
             else
-              echo "No HIGH or CRITICAL vulnerabilities found."
+              echo "No CRITICAL vulnerabilities found."
               success=true
               break
             fi