ci: Update Trivy configuration in security scan workflow

h2oai · Nov 14, 2024 · c1960ea · c1960ea
1 parent 484ea2b
commit c1960ea
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/.github/workflows/component-scan.yml b/.github/workflows/component-scan.yml
@@ -27,40 +27,44 @@ jobs:
         uses: aquasecurity/[email protected]
         with:
           image-ref: image:latest
-          format: 'json'
           vuln-type: 'os,library'
-          output: 'trivy-results.json'
         env:
           TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
           TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
+          TRIVY_FORMAT: json
+          TRIVY_OUTPUT: 'trivy-results.json'
 
       - name: Save vulnerabilities report in tabular format
         if: always()
         uses: aquasecurity/[email protected]
         with:
-          image-ref: trivy-results.json
+          scan-ref: trivy-results.json
           scan-type: convert
-          vuln-type: ''
-          format: 'table'
-          output: 'trivy-results.txt'
+        env:
+          TRIVY_FORMAT: table
+          TRIVY_OUTPUT: 'trivy-results.txt'
 
       - name: Display vulnerabilities report
         if: always()
         uses: aquasecurity/[email protected]
         with:
-          image-ref: trivy-results.json
+          scan-ref: trivy-results.json
           scan-type: convert
-          vuln-type: ''
+        env:
+          TRIVY_FORMAT: table
+          TRIVY_OUTPUT: ''
 
       - name: Fail on high and critical vulnerabilities
         if: always()
         uses: aquasecurity/[email protected]
         with:
-          image-ref: trivy-results.json
+          scan-ref: trivy-results.json
           scan-type: convert
           exit-code: '1'
-          vuln-type: ''
           severity: 'HIGH,CRITICAL'
+        env:
+          TRIVY_FORMAT: table
+          TRIVY_OUTPUT: ''
 
       - name: Publish scan report
         if: always()