Update ci-schedule-imagescanning.yaml

zhzhuang-zju · Oct 30, 2023 · f6410e9 · f6410e9
1 parent 5faa46f
commit f6410e9
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/.github/workflows/ci-schedule-imagescanning.yaml b/.github/workflows/ci-schedule-imagescanning.yaml
@@ -35,25 +35,30 @@ jobs:
         uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go-version }}
-      - name: download trivy
-        run: |
-          sudo apt-get install trivy
       - name: Build images from Dockerfile
         run: |
           export VERSION=${{ matrix.karmada-version }}
           export REGISTRY="docker.io/karmada"
           make images GOOS="linux" --directory=.
       - name: download trivy
         run: |
-          apt-get install trivy
+          export TRIVYVERSION=0.45.1
+          sodo apt-get update
+          sodu apt-get install trivy:$TRIVYVERSION
       - name: Run Trivy vulnerability scanner
         run: |
           imageIds=(`docker images -q`)
+          mkdir trivy
           for id in ${imageIds[@]}
           do 
             image=$(docker images|grep $id| sed 's/[ ][ ]*/,/g')
             IFS=","
             imageInfo=($image)
             imageref="${imageInfo[0]}:${imageInfo[1]}"
             trivy image --format table --ignore-unfixed --vuln-type os,library --severity  UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL $imageref
-          done 
+            trivy image --format sarif --ignore-unfixed --vuln-type os,library --severity  UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --output trivy-$id.sarif $imageref
+          done
+      - name: display
+        run: |
+          ll trivy
+