
Commit 074e6ca

committed
chore
1 parent 7044c2f commit 074e6ca


1 file changed

+4
-1
lines changed


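--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -119,6 +119,8 @@ jobs:
 cache-to: type=gha,mode=max
 secrets: |
 github_token=${{ secrets.GITHUB_TOKEN }}
+provenance: mode=max
+sbom: true
 
 # - name: Check if ":latest" tag exists
 # if: github.event_name == 'pull_request'
@@ -158,14 +160,15 @@ jobs:
 
 - name: Analyze for critical and high CVEs
 id: docker-scout-cves
-#if: ${{ github.event_name == 'pull_request' }}
+if: ${{ github.event_name != 'pull_request' }}
 uses: docker/scout-action@v1
 with:
 command: cves
 image: ${{ steps.meta.outputs.tags }}
 only-severities: critical,high
 sarif-file: sarif.output.json
 summary: true
+exit-code: true
 
 - name: Upload SARIF result
 id: upload-sarif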
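Review bot: With `exit-code: true` added to the `docker-scout-cves` step in the second hunk, the step fails whenever a critical or high CVE is reported, and GitHub Actions skips later steps after a failure by default, so `Upload SARIF result` would not run in exactly the case where there are findings to publish. The upload step's own condition lies outside the hunk; if it has none, consider `if: ${{ !cancelled() && github.event_name != 'pull_request' }}` on it so the SARIF is still uploaded and the step stays aligned with the scan's new condition. The new `if:` also restricts the scan to non-pull-request events, so a vulnerable image is reported only after merge; a short comment above it stating why pull requests are excluded (for example `# PR builds are not pushed, so there is no image to scan`, if that is the reason) would help the next reader.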
