Merge pull request #440 from bci-oss/chore/adjust-trivy-scan

Adjust trivy scan workflow (exit 1)
eclipse-tractusx · Jul 8, 2024 · a2d27ba · a2d27ba
2 parents e6c000e + 960773e
commit a2d27ba
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -86,6 +86,8 @@ jobs:
           image-ref: "tractusx/sldt-digital-twin-registry:latest"
           # ignore-unfixed: true
           hide-progress: false
+          exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
+          limit-severities-for-sarif: true
           format: "sarif"
           output: "trivy-results-registry.sarif"
           vuln-type: "os,library"