From f6410e9c1583079404b6cb0ef4e32476054522f9 Mon Sep 17 00:00:00 2001
From: zhzhuang-zju
Date: Mon, 30 Oct 2023 11:22:41 +0800
Subject: [PATCH] Update ci-schedule-imagescanning.yaml
---
 .github/workflows/ci-schedule-imagescanning.yaml | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/ci-schedule-imagescanning.yaml b/.github/workflows/ci-schedule-imagescanning.yaml
index 8dd44ff1bbdc..12ffd5cde6e8 100644
--- a/.github/workflows/ci-schedule-imagescanning.yaml
+++ b/.github/workflows/ci-schedule-imagescanning.yaml
@@ -35,9 +35,6 @@ jobs:
 uses: actions/setup-go@v3
 with:
 go-version: ${{ matrix.go-version }}
- - name: download trivy
- run: |
- sudo apt-get install trivy
 - name: Build images from Dockerfile
 run: |
 export VERSION=${{ matrix.karmada-version }}
@@ -45,10 +42,13 @@ jobs:
 make images GOOS="linux" --directory=.
 - name: download trivy
 run: |
- apt-get install trivy
+ export TRIVYVERSION=0.45.1
+ sodo apt-get update
+ sodu apt-get install trivy:$TRIVYVERSION
 - name: Run Trivy vulnerability scanner
 run: |
 imageIds=(`docker images -q`)
+ mkdir trivy
 for id in ${imageIds[@]}
 do
 image=$(docker images|grep $id| sed 's/[ ][ ]*/,/g')
@@ -56,4 +56,9 @@ jobs:
 imageInfo=($image)
 imageref="${imageInfo[0]}:${imageInfo[1]}"
 trivy image --format table --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL $imageref
- done
+ trivy image --format sarif --ignore-unfixed --vuln-type os,library --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL --output trivy-$id.sarif $imageref
+ done
+ - name: display
+ run: |
+ ll trivy
+
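Review bot: The rewritten `download trivy` step in the second hunk (`@@ -45,10 +42,13 @@`) cannot run as written, because `sodo` and `sodu` are not commands and the step fails before the scanner is installed; both should be `sudo`. The version pin also uses the wrong separator: apt reads `trivy:$TRIVYVERSION` as a package:architecture qualifier, and a version is selected with `=`, as in `sudo apt-get install -y trivy=$TRIVYVERSION`. The version string published by the package source may differ from the bare release number, so confirm it with `apt-cache madison trivy`. Nothing visible in this hunk configures a package source that ships trivy, so it is worth checking that the runner already has a trusted, signed one. The job definition these steps belong to starts outside the hunk.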
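Review bot: The SARIF reports added in the third hunk (`@@ -56,4 +56,9 @@`) never land in the `trivy` directory that the previous hunk creates, because `--output trivy-$id.sarif` writes into the working directory and the new `display` step then lists an empty directory; `--output trivy/$id.sarif` would match the `mkdir trivy`. `ll` is an interactive-shell alias and is usually undefined in a non-interactive runner shell, so `ls -l trivy` is the safer form. As far as this hunk shows, the reports are only listed, not uploaded or archived, so the findings of the scheduled scan would not outlive the job; consider a follow-up step that publishes them. The `for` loop this hunk closes starts outside it.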