ci: broaden Trivy scan to cover MEDIUM severity vulnerabilities

appleboy · appleboy · commit 6b27855834ee · 2025-11-29T12:19:04.000+08:00
- Expand Trivy scan to include MEDIUM severity vulnerabilities in both Docker and source code workflows

Signed-off-by: appleboy &lt;appleboy.tw@gmail.com&gt;
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -80,7 +80,7 @@ jobs:
           ignore-unfixed: true
           format: "sarif"
           output: "trivy-docker-results.sarif"
-          severity: "CRITICAL,HIGH"
+          severity: "CRITICAL,HIGH,MEDIUM"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -34,7 +34,7 @@ jobs:
           ignore-unfixed: true
           format: "sarif"
           output: "trivy-source-results.sarif"
-          severity: "CRITICAL,HIGH"
+          severity: "CRITICAL,HIGH,MEDIUM"
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
