improve Trivy Scanning step

udx · Sep 12, 2024 · 4b84683 · 4b84683
1 parent f9a2fde
commit 4b84683
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
@@ -30,4 +30,11 @@ jobs:
 
       - name: Trivy Scanning
         run: |
-          trivy image --severity HIGH,CRITICAL --exit-code 1 --quiet udx-worker/udx-worker:latest | grep -v 'INFO' || exit 1
+          trivy image --severity HIGH,CRITICAL --exit-code 0 --quiet udx-worker/udx-worker:latest | tee trivy.log | grep -v 'INFO'
+
+          if grep -q "Total: 0 (HIGH: 0, CRITICAL: 0)" trivy.log; then
+            echo "No HIGH or CRITICAL vulnerabilities found."
+          else
+            echo "HIGH or CRITICAL vulnerabilities detected!"
+            exit 1
+          fi