ci: update trivy options (#1637)

Remove deprecated flag and do not scan secret as ovs has embed private key for ssl.
kubeovn · Jun 23, 2022 · 011eba2 · 011eba2
1 parent 3d82780
commit 011eba2
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/Makefile b/Makefile
@@ -396,8 +396,8 @@ lint-windows:
 
 .PHONY: scan
 scan:
-	trivy image --light --exit-code=1 --severity=HIGH --ignore-unfixed $(REGISTRY)/kube-ovn:$(RELEASE_TAG)
-	trivy image --light --exit-code=1 --severity=HIGH --ignore-unfixed $(REGISTRY)/vpc-nat-gateway:$(RELEASE_TAG)
+	trivy image --exit-code=1 --severity=HIGH --ignore-unfixed --security-checks vuln $(REGISTRY)/kube-ovn:$(RELEASE_TAG)
+	trivy image --exit-code=1 --severity=HIGH --ignore-unfixed --security-checks vuln $(REGISTRY)/vpc-nat-gateway:$(RELEASE_TAG)
 
 .PHONY: ut
 ut: