Commit

Merge branch 'main' into dependabot/npm_and_yarn/patch-updates-44b224…
…eeb9
aaschlote authored Nov 22, 2024
2 parents 28c4679 + 0105885 commit 06a6afd
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion .github/workflows/scan.yml
Expand Up @@ -58,7 +58,17 @@ jobs:
- name: Check trivy results
run: |
if grep -qE 'HIGH|CRITICAL' trivy-results.sarif; then
echo "Vulnerabilities found"
echo "Vulnerabilities found:"
jq -r '
.runs[].results[] |
"Rule ID: \(.ruleId)\n" +
"Package: \(.message.text | split("\n")[0] | ltrimstr("Package: "))\n" +
"Installed Version: \(.message.text | split("\n")[1] | ltrimstr("Installed Version: "))\n" +
"Severity: \(.message.text | split("\n")[2] | ltrimstr("Severity: "))\n" +
"\(.message.text | split("\n")[4] | ltrimstr("Link: "))\n"
' trivy-results.sarif
# Exit with error status
exit 1
else
echo "No significant vulnerabilities found"
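
Review bot: The added jq filter walks `.runs[].results[]` with no severity condition, while the gate above it only fires on `grep -qE 'HIGH|CRITICAL'`. Once one HIGH or CRITICAL finding is present, every result in trivy-results.sarif is printed under "Vulnerabilities found:", including lower-severity ones that did not cause the failure. Consider filtering inside jq so the listing matches the gate, for example by selecting on the parsed severity line before formatting. The fields are also taken by fixed position in `.message.text` (`split("\n")[0]`, `[1]`, `[2]`, `[4]`), so any change in the order or number of lines in that message will silently print the wrong value or `null`. Matching each line by its prefix ("Package: ", "Severity: ", "Link: ") rather than by index would be more robust. Minor: the last interpolation strips "Link: " but, unlike the other fields, prints no label of its own, and the `# Exit with error status` comment restates `exit 1`.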
