Pull Request Overview
This PR enhances the Trivy security scanning workflow by adding table-format output for better log visibility and improving the upload conditions for security results.
- Added `security-events: write` permission to enable security tab uploads
- Added parallel Trivy scans in table format for human-readable logs alongside SARIF output
- Restricted security tab uploads to main branch only and added error resilience with `continue-on-error`
| - name: Run Trivy scanner in table format for logs | ||
| if: github.event_name != 'pull_request' | ||
| uses: aquasecurity/trivy-action@master |
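Review bot: the `if: github.event_name != 'pull_request'` guard on this step means the human-readable table output is skipped on pull request runs, which is exactly where reviewers read the job log; if the intent is to keep PR logs short, say so in a comment, otherwise drop the condition so PR runs get the table output the PR description promises. Separately, `uses: aquasecurity/trivy-action@master` tracks a moving branch, so the scanner that gates this workflow can change without any change to the repository; pin the action to a full commit SHA (with the version noted in a trailing comment) rather than a branch or tag, so the scanning step itself is not a supply-chain exposure.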
Running Trivy twice on the same image doubles scanning time. Consider using a single Trivy scan and processing/formatting the output differently, or leverage Trivy's ability to output multiple formats simultaneously if supported in newer versions.
@copilot open a new pull request to apply changes based on this feedback
| - name: Run Trivy scanner in table format for logs | ||
| if: github.event_name != 'pull_request' | ||
| uses: aquasecurity/trivy-action@master |
Using @master for action versions is not recommended as it can lead to unexpected breaking changes. Pin to a specific version tag (e.g., @0.24.0) or use a major version reference (e.g., @v0) for stability.
@copilot open a new pull request to apply changes based on this feedback
[WIP] Address feedback on Security events pull request
[WIP] Update implementation based on security events feedback