Merge pull request #56 from IBM/fix-trivy

crivetimihai · web-flow · commit d0e63bea94c5 · 2025-06-07T07:38:37.000+01:00
Change exit code for trivy to 0
diff --git a/.dockerignore b/.dockerignore
@@ -1,3 +1,4 @@
+.github
 docker-compose.yml
 podman-compose-sonarqube.yaml
 
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
@@ -8,7 +8,7 @@
 #   • Lints the Dockerfile with **Hadolint** (CLI) → SARIF
 #   • Lints the finished image with **Dockle** (CLI) → SARIF
 #   • Generates an SPDX SBOM with **Syft**
-#   • Scans the image for CRITICAL/HIGH CVEs with **Trivy**
+#   • Scans the image for CRITICAL CVEs with **Trivy**
 #   • Uploads Hadolint, Dockle and Trivy results as SARIF files
 #   • Pushes the image to **GitHub Container Registry (GHCR)**
 #   • Signs & attests the image with **Cosign (key-less OIDC)**
@@ -152,8 +152,8 @@ jobs:
           image-ref: ${{ env.IMAGE_NAME }}:latest
           format: sarif
           output: trivy-results.sarif
-          severity: CRITICAL,HIGH
-          exit-code: 1
+          severity: CRITICAL
+          exit-code: 0
       - name: ☁️  Upload Trivy SARIF
         if: always()
         uses: github/codeql-action/upload-sarif@v3

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+.github`
`1`	`2`	`docker-compose.yml`
`2`	`3`	`podman-compose-sonarqube.yaml`
`3`	`4`