fix ansible image (#312)

* refactor: Improve installation process for session manager plugin in Dockerfile * trivy scan * Add .trivyignore file for filtering Trivy scans
ministryofjustice · May 31, 2024 · 67cd136 · 67cd136
1 parent a88f273
commit 67cd136
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/.github/workflows/ansible-aws-image-build.yml b/.github/workflows/ansible-aws-image-build.yml
@@ -78,12 +78,16 @@ jobs:
           docker load --input /tmp/ansible-aws-image.tar
 
       - name: Trivy scan
-        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561
         with:
           format: 'sarif'
-          severity: 'MEDIUM,HIGH,CRITICAL'
+          severity: 'CRITICAL,HIGH'
+          limit-severities-for-sarif: 'true'
           image-ref: 'hmpps-delius-operational-automation:${{ github.sha }}'
           exit-code: '1'
+          scan-type: 'image'
+          trivyignores: '.trivyignore'
+          ignore-unfixed: 'true'
           output: 'trivy-results.sarif'
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3

diff --git a/docker/delius-ansible-aws/.trivyignore b/docker/delius-ansible-aws/.trivyignore
@@ -0,0 +1 @@
+# Trivy Ignore file https://aquasecurity.github.io/trivy/v0.51/docs/configuration/filtering/
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		# Trivy Ignore file https://aquasecurity.github.io/trivy/v0.51/docs/configuration/filtering/