mirror of https://github.com/coder/coder.git
chore: fix trivy scanning (#12421)
parent
a92853c72d
commit
842799847a
|
@ -28,14 +28,14 @@ jobs:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Setup Go
|
||||||
|
uses: ./.github/actions/setup-go
|
||||||
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@v3
|
uses: github/codeql-action/init@v3
|
||||||
with:
|
with:
|
||||||
languages: go, javascript
|
languages: go, javascript
|
||||||
|
|
||||||
- name: Setup Go
|
|
||||||
uses: ./.github/actions/setup-go
|
|
||||||
|
|
||||||
# Workaround to prevent CodeQL from building the dashboard.
|
# Workaround to prevent CodeQL from building the dashboard.
|
||||||
- name: Remove Makefile
|
- name: Remove Makefile
|
||||||
run: |
|
run: |
|
||||||
|
@ -113,14 +113,6 @@ jobs:
|
||||||
make -j "$image_job"
|
make -j "$image_job"
|
||||||
echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
|
echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Run Prisma Cloud image scan
|
|
||||||
uses: PaloAltoNetworks/prisma-cloud-scan@v1
|
|
||||||
with:
|
|
||||||
pcc_console_url: ${{ secrets.PRISMA_CLOUD_URL }}
|
|
||||||
pcc_user: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
|
|
||||||
pcc_pass: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
|
|
||||||
image_name: ${{ steps.build.outputs.image }}
|
|
||||||
|
|
||||||
- name: Run Trivy vulnerability scanner
|
- name: Run Trivy vulnerability scanner
|
||||||
uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef
|
uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef
|
||||||
with:
|
with:
|
||||||
|
@ -142,6 +134,16 @@ jobs:
|
||||||
path: trivy-results.sarif
|
path: trivy-results.sarif
|
||||||
retention-days: 7
|
retention-days: 7
|
||||||
|
|
||||||
|
# Prisma cloud scan runs last because it fails the entire job if it
|
||||||
|
# detects vulnerabilities. :|
|
||||||
|
- name: Run Prisma Cloud image scan
|
||||||
|
uses: PaloAltoNetworks/prisma-cloud-scan@v1
|
||||||
|
with:
|
||||||
|
pcc_console_url: ${{ secrets.PRISMA_CLOUD_URL }}
|
||||||
|
pcc_user: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
|
||||||
|
pcc_pass: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
|
||||||
|
image_name: ${{ steps.build.outputs.image }}
|
||||||
|
|
||||||
- name: Send Slack notification on failure
|
- name: Send Slack notification on failure
|
||||||
if: ${{ failure() }}
|
if: ${{ failure() }}
|
||||||
run: |
|
run: |
|
||||||
|
|
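Review bot: The relocated `Run Prisma Cloud image scan` step still uses `PaloAltoNetworks/prisma-cloud-scan@v1`, a mutable tag, while it is handed `PRISMA_CLOUD_ACCESS_KEY` and `PRISMA_CLOUD_SECRET_KEY`. The Trivy step in the same job is already pinned to a full commit SHA. Since the step is re-added here anyway, pin it the same way, e.g. `uses: PaloAltoNetworks/prisma-cloud-scan@<full-commit-sha> # v1`, so that a retagged release cannot run with those secrets. Separately, the step has no `if:` condition, so a failure in any earlier step, including the Trivy scan, will skip the Prisma scan. If both scanners are meant to report on every run, the new comment should say so, or the step should get an explicit condition.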