Merge branch 'Test-b' of github.com:christopher-walsh22/bcparks-ar-ap…

…i into Test-b
bcgov · Jul 25, 2024 · 2854ec2 · 2854ec2
2 parents 25e97b3 + 88eb793
commit 2854ec2
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/.github/workflows/analysis.yaml b/.github/workflows/analysis.yaml
@@ -6,24 +6,26 @@ on:
   pull_request:
     types: [opened, reopened, synchronize, ready_for_review, converted_to_draft]
   schedule:
-    - cron: "0 11 * * 0" # 3 AM PST = 12 PM UDT, runs sundays
-  workflow_dispatch:
+    - cron: "29 22 * * 4"
 
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+permissions:
+  contents: read
 
 jobs:
-  # https://github.com/marketplace/actions/aqua-security-trivy
   trivy:
+    permissions:
+      contents: read
+      security-events: write
     name: Trivy Security Scan
     if: ${{ ! github.event.pull_request.draft }}
     runs-on: ubuntu-22.04
     timeout-minutes: 1
     steps:
-      - uses: actions/checkout@v4
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.53.0
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.22.0
         with:
           format: "sarif"
           output: "trivy-results.sarif"
@@ -32,6 +34,9 @@ jobs:
           scanners: "vuln,secret,config"
           severity: "CRITICAL,HIGH"
 
+      - name: Print SARIF file
+        run: cat trivy-results.sarif
+
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
         with:

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# Ignore possible issue with empty URI
+AVD-AWS-0112
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Ignore possible issue with empty URI
		AVD-AWS-0112