diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 16e3215..5bdd47f 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,6 +1,6 @@
 #################################################################################
-# Copyright (c) 2022,2023 T-Systems International GmbH
-# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+# Copyright (c) 2022,2024 T-Systems International GmbH
+# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -19,18 +19,15 @@
 ################################################################################
 name: "Trivy"
+
 on:
- push:
- branches:
- - main
 schedule:
- # Once a day
- - cron: "0 0 * * *"
+ - cron: "0 0 * * 0"
 workflow_dispatch:
- # Trigger manually
 jobs:
- analyze-config:
+ analyze:
+ name: Analyze
 runs-on: ubuntu-latest
 permissions:
 actions: read
@@ -38,16 +35,18 @@ jobs:
 security-events: write
 steps:
-
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.12.0
+ uses: aquasecurity/trivy-action@0.18.0
 with:
- image-ref: "tractusx/data-exchange-test-service:latest"
+ image-ref: "tractusx/data-exchange-test-service:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
 format: "sarif"
 output: "trivy-results.sarif"
- vuln-type: "os,library"
+ exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
+ severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
+ hide-progress: false
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
+ if: always()
 with:
 sarif_file: "trivy-results.sarif"
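Review bot: Dropping the `push` trigger and changing the cron from `0 0 * * *` to `0 0 * * 0` leaves a single automated scan per week, so a newly disclosed CRITICAL or HIGH finding in the published image can go unreported for up to seven days unless someone starts `workflow_dispatch` by hand. The removed `# Once a day` comment has no replacement; if the weekly cadence is deliberate, record it above the cron entry, e.g. `# Weekly, Sunday 00:00 UTC - image is rebuilt only on release`, with whatever the real reason is. The `jobs` block and its `permissions` mapping continue past the end of this hunk.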
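Review bot: Both `uses:` lines in this hunk still point at movable tags (`aquasecurity/trivy-action@0.18.0` and `github/codeql-action/upload-sarif@v3`) inside a job that holds `security-events: write`, so anyone able to move those tags changes the code that runs with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.18.0`. Separately, `image-ref` scans the `:latest` tag, so each SARIF upload describes whatever digest the tag resolved to at run time; logging the resolved digest would make a finding traceable to one image. With `exit-code: "1"` and no `ignore-unfixed: true`, the run will also stay red on CRITICAL/HIGH findings that have no patched version yet, which may be intended but is worth stating next to the `severity` comment.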
diff --git a/README.md b/README.md
index d6f136b..cb5191a 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ This service will help for testing the connectors and also can be used for healt
 ### Software Version
 ```shell
-Latest Helm version is v1.0.13
+Latest Helm version is v1.0.14
 Latest Application version is v1.0.10
 ```
 ### How to run
diff --git a/charts/data-exchange/Chart.yaml b/charts/data-exchange/Chart.yaml
index 88bcf26..7a50e87 100644
--- a/charts/data-exchange/Chart.yaml
+++ b/charts/data-exchange/Chart.yaml
@@ -38,7 +38,7 @@ sources:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.13
+version: 1.0.14
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/data-exchange/README.md b/charts/data-exchange/README.md
index 86c017c..59aad40 100644
--- a/charts/data-exchange/README.md
+++ b/charts/data-exchange/README.md
@@ -1,6 +1,6 @@
 # data-exchange
-![Version: 1.0.13](https://img.shields.io/badge/Version-1.0.13-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.10](https://img.shields.io/badge/AppVersion-1.0.10-informational?style=flat-square)
+![Version: 1.0.14](https://img.shields.io/badge/Version-1.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.10](https://img.shields.io/badge/AppVersion-1.0.10-informational?style=flat-square)
 Data exchange service is used to exchange the data between connectors