|
@@ -75,7 +75,7 @@ jobs:
|
|
|
run: docker build -t bambuddy:security-scan .
|
|
run: docker build -t bambuddy:security-scan .
|
|
|
|
|
|
|
|
- name: Run Trivy vulnerability scanner
|
|
- name: Run Trivy vulnerability scanner
|
|
|
- uses: aquasecurity/trivy-action@0.33.1
|
|
|
|
|
|
|
+ uses: aquasecurity/trivy-action@0.34.0
|
|
|
with:
|
|
with:
|
|
|
image-ref: 'bambuddy:security-scan'
|
|
image-ref: 'bambuddy:security-scan'
|
|
|
format: 'sarif'
|
|
format: 'sarif'
|
|
@@ -91,7 +91,7 @@ jobs:
|
|
|
category: trivy
|
|
category: trivy
|
|
|
|
|
|
|
|
- name: Run Trivy for Dockerfile/IaC
|
|
- name: Run Trivy for Dockerfile/IaC
|
|
|
- uses: aquasecurity/trivy-action@0.33.1
|
|
|
|
|
|
|
+ uses: aquasecurity/trivy-action@0.34.0
|
|
|
with:
|
|
with:
|
|
|
scan-type: 'config'
|
|
scan-type: 'config'
|
|
|
scan-ref: '.'
|
|
scan-ref: '.'
|
|
@@ -230,8 +230,8 @@ jobs:
|
|
|
id: npm-audit
|
|
id: npm-audit
|
|
|
working-directory: frontend
|
|
working-directory: frontend
|
|
|
run: |
|
|
run: |
|
|
|
- npm audit --json > npm-audit-results.json || echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
|
|
|
|
|
- npm audit --audit-level=high || true
|
|
|
|
|
|
|
+ npm audit --omit=dev --json > npm-audit-results.json || echo "vulnerabilities_found=true" >> $GITHUB_OUTPUT
|
|
|
|
|
+ npm audit --omit=dev --audit-level=high || true
|
|
|
|
|
|
|
|
- name: Upload audit results
|
|
- name: Upload audit results
|
|
|
if: always()
|
|
if: always()
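Review bot: The `--omit=dev` added to both npm audit lines narrows the scan to the frontend's runtime dependencies, but nothing in the step records why that scope is acceptable, and the second line still ends in `|| true`, so the only signal leaving the step is the `vulnerabilities_found` output set by the first line. If this job installs dev dependencies to build the frontend, their install scripts and tooling run in CI even though they are no longer audited here, so the decision deserves a comment above the `run: |` block, e.g. `# --omit=dev: audit only what ships; build-time tooling is out of scope for this gate`. It may also be worth keeping an informational, non-gating `npm audit` without `--omit=dev` so toolchain advisories stay visible in the log, though whether that is wanted depends on how `vulnerabilities_found` is consumed, which is outside this hunk.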
|