diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 682340a3f..eae71b1e4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -461,30 +461,30 @@ jobs: uses: github/codeql-action/upload-sarif@v1 with: sarif_file: "trivy-image-results.sarif" - # We have to use two trivy jobs # because GitHub only allows # codeql/upload-sarif action per job trivy-scan-repo: runs-on: ubuntu-20.04 - + # NOTE@jsjoeio 5/10/2021 + # Disabling until fixed upstream + # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084 + if: "1 == 2" steps: - name: Checkout code uses: actions/checkout@v2 - - name: Run Trivy vulnerability scanner in repo mode - # Commit SHA for v0.0.14 - uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e - with: - scan-type: "fs" - scan-ref: "." - ignore-unfixed: true - format: "template" - template: "@/contrib/sarif.tpl" - output: "trivy-repo-results.sarif" - severity: "HIGH,CRITICAL" - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v1 - with: - sarif_file: "trivy-repo-results.sarif" + Commit SHA for v0.0.14 + uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e + with: + scan-type: "fs" + scan-ref: "." + ignore-unfixed: true + format: "template" + template: "@/contrib/sarif.tpl" + output: "trivy-repo-results.sarif" + severity: "HIGH,CRITICAL" + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v1 + with: + sarif_file: "trivy-repo-results.sarif"