1919 runs-on : ${{ inputs.runsOn }}
2020 strategy :
2121 matrix :
22- workingdir : [extender, telemetry-aware-scheduling]
22+ workingdir : [extender, telemetry-aware-scheduling, gpu-aware-scheduling ]
2323 name : vulnerability-scanners
2424 steps :
2525 - name : Checkout project
@@ -36,15 +36,25 @@ jobs:
3636 - name : trivy config $DIR
3737 run : |
3838 cd ./${{ matrix.workingdir }}
39- echo "Running trivy config for ${{ matrix.workingdir }} "
40- trivy config ./
41- output=$(trivy config ./)
42- if echo "$ output" | grep -E "CRITICAL|HIGH" ; then
43- echo "::warning::severities CRITICAL and HIGH found in ${{ matrix.workingdir }}"
44- return 1
39+ echo "Running trivy config for ${{ matrix.workingdir }}, looking for CRITICAL or HIGH severity items... "
40+ trivy config ./ --severity=CRITICAL
41+ output=$(trivy config ./ --severity=CRITICAL )
42+ if [ -n "${ output}" ] ; then
43+ echo "::warning::severities CRITICAL issues spotted by Trivy in ${{ matrix.workingdir }}"
44+ exit 1
4545 else
46- echo "trivy config ./ ran successfully"
46+ echo "trivy config ./ --severity=CRITICAL ran successfully"
4747 fi
48+ # look for HIGH severity issues
49+ trivy config ./ --severity=HIGH
50+ output=$(trivy config ./ --severity=HIGH)
51+ if [ -n "${output}" ]; then
52+ echo "::warning::severities HIGH issues spotted by Trivy in ${{ matrix.workingdir }}"
53+ exit 1
54+ else
55+ echo "trivy config ./ --severity=HIGH ran successfully"
56+ fi
57+
4858 cd ..
4959shell : bash
5060 - name : trivy fs --all packages
0 commit comments