
Commit b45c810

ci: limit Trivy scan uploads to critical and high severity findings
- Restrict Trivy vulnerability scan uploads to only CRITICAL and HIGH severity findings (exclude MEDIUM) in both workflows

Signed-off-by: appleboy <[email protected]>
1 parent 0966956 commit b45c810

File tree

2 files changed

+2
-2
lines changed


.github/workflows/docker.yml

Lines changed: 1 addition & 1 deletion
@@ -80,7 +80,7 @@ jobs:
8080
ignore-unfixed: true
8181
format: "sarif"
8282
output: "trivy-docker-results.sarif"
83-
severity: "CRITICAL,HIGH,MEDIUM"
83+
severity: "CRITICAL,HIGH"
8484

8585
- name: Upload Trivy scan results to GitHub Security tab
8686
uses: github/codeql-action/upload-sarif@v3
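Review bot: The `severity` key on the Trivy scan step filters what Trivy writes into `trivy-docker-results.sarif`, so dropping MEDIUM here does not just keep MEDIUM findings out of the Security tab upload, it removes them from the SARIF entirely; together with the existing `ignore-unfixed: true` this means medium-severity image findings leave no trace in CI. If the goal is only to cut alert noise, consider documenting that choice next to the setting (for example a YAML comment above `severity: "CRITICAL,HIGH"`) or keeping a second non-failing scan that still records MEDIUM results as a build artifact, so the lower-severity findings remain reviewable without flooding the Security tab.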

.github/workflows/security.yml

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@ jobs:
3434
ignore-unfixed: true
3535
format: "sarif"
3636
output: "trivy-source-results.sarif"
37-
severity: "CRITICAL,HIGH,MEDIUM"
37+
severity: "CRITICAL,HIGH"
3838

3939
- name: Upload Trivy scan results to GitHub Security tab
4040
uses: github/codeql-action/upload-sarif@v3
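Review bot: This is the same one-line change as in `docker.yml`, applied to the source scan that writes `trivy-source-results.sarif`; since the two workflows now carry an identical hard-coded severity list, a future adjustment has to be made in both places again. A short comment stating why MEDIUM is excluded (and that `ignore-unfixed: true` already suppresses findings without a fix) would make the intended scope of this scan clear to whoever next reads the Security tab and wonders why medium-severity dependency findings are absent.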
