Merge pull request #2 from RyosukeDTomita/feature/image-scan

cat
RyosukeDTomita · Dec 16, 2023 · b87fc22 · b87fc22
2 parents 0968523 + 5ce9480
commit b87fc22
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/copilot/pipelines/react-app-pipeline/buildspec.yml b/copilot/pipelines/react-app-pipeline/buildspec.yml
@@ -66,7 +66,8 @@ phases:
         done;
       - ls -lah ./infrastructure
       # Run trivy scan on the docker images.
-      - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/aquasecurity/trivy:canary --exit-code 1 --severity HIGH,CRITICAL --no-progress --format json -o ./trivy-results.json $(jq -r '.services[].image' ./infrastructure/manifest.json)
+      - docker run --rm -v /var/run/docker.sock:/var/run/docker.sock ghcr.io/aquasecurity/trivy:canary image --vuln-type os --no-progress --format table -o container-scanning-report.txt --severity CRITICAL,HIGH $(jq -r '.services[].image' ./infrastructure/manifest.json)
+      - cat container-scanning-report.txt
 artifacts:
   files:
     - "infrastructure/*"