From 5e5085f734c35952ad192c92d5e776e855f05154 Mon Sep 17 00:00:00 2001
From: chenk <hen.keinan@gmail.com>
Date: Thu, 13 Oct 2022 18:07:50 +0300
Subject: [PATCH] chore: add team notification on vulnerabilities found (#1286)

Signed-off-by: chenk <hen.keinan@gmail.com>

Signed-off-by: chenk <hen.keinan@gmail.com>
---
 .github/workflows/release-snapshot.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-snapshot.yaml b/.github/workflows/release-snapshot.yaml
index eb88dc1ce..dcd9dd4f3 100644
--- a/.github/workflows/release-snapshot.yaml
+++ b/.github/workflows/release-snapshot.yaml
@@ -54,7 +54,16 @@ jobs:
       - name: Scan Starboard Operator image for vulnerabilities
         uses: aquasecurity/trivy-action@master
         with:
-          image-ref: 'docker.io/aquasec/starboard-operator:${{ github.sha }}-amd64'
+          image-ref: 'docker.io/aquasec/starboard-operator:0.15.9-amd64'
           exit-code: '1'
           ignore-unfixed: true
           severity: 'CRITICAL,HIGH'
+      - name: Notify dedicated teams channel
+        uses: jdcargile/ms-teams-notification@v1.3
+        if: failure()
+        with:
+          github-token: ${{ secrets.ORG_REPO_TOKEN }}
+          ms-teams-webhook-uri: ${{ secrets.MS_TEAMS_WEBHOOK_URI }}
+          notification-summary: vulnerabilities has been found in starboard-operator image
+          notification-color: 17a2b8
+          timezone: America/Denver