chore: Run trivy scan on git repository and update version (#2169)

Co-authored-by: Rita Zhang <rita.z.zhang@gmail.com>
open-policy-agent · Jul 23, 2022 · 8f1ef8c · 8f1ef8c
1 parent 6f665b4
commit 8f1ef8c
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml
@@ -256,16 +256,20 @@ jobs:
           tar zxvf trivy_${{ env.TRIVY_VERSION }}_Linux-64bit.tar.gz
           echo "$(pwd)" >> $GITHUB_PATH
         env:
-          TRIVY_VERSION: "0.22.0"
+          TRIVY_VERSION: "0.29.2"
+
+      - name: Run trivy on git repository
+        run: |
+          trivy fs --format table --ignore-unfixed --skip-dirs website --security-checks vuln .
 
       - name: Build docker images
         run: make docker-build
 
-      - name: Run trivy
+      - name: Run trivy on images
         run: |
           for img in "openpolicyagent/gatekeeper:latest" "openpolicyagent/gatekeeper-crds:latest"; do
             for vuln_type in "os" "library"; do
-              trivy image --ignore-unfixed --exit-code=1 --vuln-type="${vuln_type}" "${img}"
+              trivy image --ignore-unfixed --vuln-type="${vuln_type}" "${img}"
             done
           done