@@ -37,11 +37,11 @@ jobs:
3737 make docker-build IMG="${{ env.IMAGE_NAME }}:${{ github.sha }}"
3838
3939name : Run Trivy vulnerability scanner
40- uses : aquasecurity/trivy-action@master
40+ uses : aquasecurity/trivy-action@0.18.0
4141 with :
4242 scan-type : image
4343 image-ref : " ${{ env.IMAGE_NAME }}:${{ github.sha }}"
44- exit-code : 1
44+ exit-code : 0
4545 ignore-unfixed : true
4646 vuln-type : os,library
4747 severity : HIGH,CRITICAL
@@ -51,19 +51,32 @@ jobs:
5151 template : " @.github/ISSUE_TEMPLATE/trivy-results.tpl"
5252 output : ${{ env.TRIVY_RESULTS_MARKDOWN }}
5353
54+ - name : Extract total count of vulnerabilities
55+ id : extract-total-cnt-of-vulns
56+ run : |
57+ if [[ $(cat "${{ env.TRIVY_RESULTS_MARKDOWN }}") =~ Total\ count\ of\ vulnerabilities:\ ([0-9]+) ]]; then
58+ result=${BASH_REMATCH[0]}
59+ echo "$result"
60+ total_cnt_of_vulns=${BASH_REMATCH[1]}
61+ echo "total_cnt_of_vulns=$total_cnt_of_vulns" >> "$GITHUB_OUTPUT"
62+ else
63+ echo "Error: Failed to extract total count of vulnerabilities"
64+ exit 1
65+ fi
66+
5467name : Insert YAML front matter into the results markdown
55- if : always()
68+ if : ${{ fromJson(steps.extract-total-cnt-of-vulns.outputs.total_cnt_of_vulns) > 0 }}
5669 run : |
5770 sed -i '1i\
5871 ---\
59- title: "[DO NOT CHANGE] Security Alert"\
72+ title: "Security Alert by Trivy "\
6073 labels: "trivy, vulnerability"\
6174 ---\
6275 ' "${{ env.TRIVY_RESULTS_MARKDOWN }}"
6376
6477name : Create or update the trivy results issue
78+ if : ${{ fromJson(steps.extract-total-cnt-of-vulns.outputs.total_cnt_of_vulns) > 0 }}
6579 uses : JasonEtco/create-an-issue@v2
66- if : always()
6780 env :
6881 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
6982 with :
0 commit comments