NO-TICKET: Add temporary fix for trivy action

As mentioned in [this issue](aquasecurity/trivy-action#228) somehow the exit codes are not set correctly. Therefore, we are for now checking the scan results in an additional step
digitalservicebund · Apr 26, 2023 · 35552c3 · 35552c3
1 parent 47468b6
commit 35552c3
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -112,6 +112,15 @@ jobs:
           output: "trivy-results.sarif"
           severity: "CRITICAL,HIGH"
           exit-code: "1" # Fail the build!
+      - name: Check trivy results
+        run: |
+          if grep -qE 'HIGH|CRITICAL' trivy-results.sarif; then
+            echo "Vulnerabilities found"
+            exit 1
+          else
+            echo "No significant vulnerabilities found"
+            exit 0
+          fi
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         if: ${{ always() }} # Bypass non-zero exit code..