ci: Only run vuln scanner when Go deps are updated (#89433)

Signed-off-by: Dave Henderson <dave.henderson@grafana.com>
This commit is contained in:
Dave Henderson 2024-06-20 09:07:15 -04:00 committed by GitHub
parent b7df121294
commit 1cc58d19f5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,9 +1,14 @@
name: Trivy Scan name: Trivy Scan
on: on:
pull_request: pull_request:
# only run on PRs where go.mod/go.sum/etc have been updated
paths:
- go.*
push: push:
branches: branches:
- main - main
paths:
- go.*
jobs: jobs:
trivy-scan: trivy-scan:
@ -25,6 +30,8 @@ jobs:
vuln-type: 'os,library' vuln-type: 'os,library'
severity: 'CRITICAL,HIGH' severity: 'CRITICAL,HIGH'
trivyignores: .trivyignore trivyignores: .trivyignore
# for the PR check, ignore JS-related issues
skip-files: 'yarn.lock,package.json'
- name: Run Trivy vulnerability scanner (SARIF) - name: Run Trivy vulnerability scanner (SARIF)
uses: aquasecurity/trivy-action@0.22.0 uses: aquasecurity/trivy-action@0.22.0
with: with:
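Review bot: Gating both the `pull_request` and the `push` trigger on `paths: [go.*]` in the first hunk means a newly published advisory against an unchanged dependency is never picked up until someone next edits go.mod/go.sum, so the scanner stops functioning as a continuous check on `main`; the visible `on:` block has no other trigger, so adding `schedule:` / `- cron: '0 6 * * *'` (sample time, pick a project cadence) would keep periodic coverage while still skipping unrelated PRs. The `go.*` glob also only matches files at the repository root; if nested Go modules exist, `'**/go.*'` is needed for their go.mod/go.sum changes to trigger the scan. If this workflow is configured as a required status check, PRs that touch no `go.*` file will show it as never reported, which blocks merging unless branch protection is adjusted. In the second hunk, the comment "for the PR check" on `skip-files` does not match the step's trigger-independent `with:` block unless an `if:` outside the hunk scopes it; `# JS dependencies are scanned elsewhere, so skip them here` would state the actual intent if that is the case.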