Merge pull request #614 from caponetto/allow-trivy-severities

Enable all severities on the Trivy daily report

Author: openshift-merge-bot[bot]

.github/workflows/build-notebooks-TEMPLATE.yaml

@@ -168,12 +168,6 @@ jobs:
           IMAGE_NAME=${{ steps.resolve-image.outputs.image }}
           echo "Scanning $IMAGE_NAME"
 
-          SEVERITY_OPTION=""
-          # Report only higher vulnerabilities if not a pull request
-          if [ "${{ fromJson(inputs.github).event_name }}" != "pull_request" ]; then
-            SEVERITY_OPTION="--severity CRITICAL,HIGH"
-          fi
-
           # have trivy access podman socket,
           # https://github.com/aquasecurity/trivy/issues/580#issuecomment-666423279
           podman run --rm \
@@ -185,7 +179,6 @@ jobs:
                 --podman-host /var/run/podman/podman.sock \
                 --scanners vuln --ignore-unfixed \
                 --exit-code 0 --timeout 30m \
-                $SEVERITY_OPTION \
                 --format template --template "@/report/$REPORT_TEMPLATE" -o /report/$REPORT_FILE \
                 $IMAGE_NAME