change gha trivy scan

hpi-schul-cloud · Jul 25, 2023 · 33fc374 · 33fc374
1 parent ffe0d19
commit 33fc374
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/.github/workflows/imagetoghcr-on-push.yaml b/.github/workflows/imagetoghcr-on-push.yaml
@@ -75,12 +75,10 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
         with:
-          image-ref: ${{ steps.image_ref_lower.outputs.output }}
-          format: 'template'
-          template: '@/contrib/sarif.tpl'
-          output: 'trivy-results.sarif'
-          severity: 'CRITICAL,HIGH'
-          exit-code: 1
+          image-ref: "ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}"
+          format: "sarif"
+          output: "trivy-results.sarif"
+          severity: "CRITICAL,HIGH"
           ignore-unfixed: true
 
       - name: Upload Trivy scan results to GitHub Security tab