feat(ci): faster scanning (#180)

c1e2ea3b · OlivierDehaene · GitHub · 13f1cd02 · c1e2ea3b
Unverified Commit c1e2ea3b authored Apr 13, 2023 by OlivierDehaene Committed by GitHub Apr 13, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

.github/workflows/build.yaml .github/workflows/build.yaml +3 -1

No files found.
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -28,7 +28,7 @@ jobs:
  build-and-push-image:
    runs-on: large
    permissions:
-      contents: read
+      contents: write
      packages: write
      # This is used to complete the identity challenge
      # with sigstore/fulcio when running outside of PRs.
@@ -116,6 +116,7 @@ jobs:
          format: 'github'
          output: 'dependency-results.sbom.json'
          github-pat: ${{ secrets.GITHUB_TOKEN }}
+          scanners: 'vuln'
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        if: ${{ github.event_name != 'pull_request' }}
@@ -124,6 +125,7 @@ jobs:
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL'
+          scanners: 'vuln'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        if: ${{ github.event_name != 'pull_request' }}