From ac05aac8270c4d58bcb5fa0a8694ae815b1929a8 Mon Sep 17 00:00:00 2001
From: Maggie Dreyer
Date: Thu, 8 Feb 2024 11:48:05 -0800
Subject: [PATCH] (maint) Update file skips for trivy Add a file skip to the publish job, remove the nokogiri skip as it appears to no longer be needed.
---
 .github/workflows/build-test-push.yml | 2 +-
 .github/workflows/build-test.yml | 2 +-
 .github/workflows/publish-4x-image.yml | 1 +
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-test-push.yml b/.github/workflows/build-test-push.yml
index 325a677..7b14672 100644
--- a/.github/workflows/build-test-push.yml
+++ b/.github/workflows/build-test-push.yml
@@ -22,7 +22,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
- skip-files: "/usr/local/bundle/gems/nokogiri-1.15.5-x86_64-linux/dependencies.yml,/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
+ skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
 - name: Run tests
 run: cd tests; ./run_tests.sh
 - name: Tag Docker images
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
index bd397c3..3236fe9 100644
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -24,7 +24,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
- skip-files: "/usr/local/bundle/gems/nokogiri-1.15.5-x86_64-linux/dependencies.yml,/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
+ skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
 - name: Run tests
 working-directory: ${{ github.workspace }}/tests
 run: ./run_tests.sh
diff --git a/.github/workflows/publish-4x-image.yml b/.github/workflows/publish-4x-image.yml
index 38cf9ec..a4b9372 100644
--- a/.github/workflows/publish-4x-image.yml
+++ b/.github/workflows/publish-4x-image.yml
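Review bot: The `skip-files` value kept on the new side pins an exact gem and Ruby directory (`aws-sdk-core-3.191.0` under `ruby/2.5.0`), so the exclusion stops matching as soon as the PDK cache ships a different aws-sdk-core, and nothing in the workflow records which finding it suppresses. The same literal is on the new side of build-test.yml and publish-4x-image.yml. I would put a comment above each occurrence, e.g. `# trivy: suppresses <finding id> in aws-sdk-ssooidc client.rb; re-check when aws-sdk-core is bumped`, so the next maintainer can tell whether to update the path or drop the skip, as this commit does for nokogiri. The step's `uses:` line is above the hunk, so the scanner action and version that read this input are not visible here.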
@@ -32,6 +32,7 @@ jobs:
 severity: 'CRITICAL,HIGH,MEDIUM'
 vuln-type: os
 timeout: 10m0s
+ skip-files: "/root/.pdk/cache/ruby/2.5.0/gems/aws-sdk-core-3.191.0/lib/aws-sdk-ssooidc/client.rb"
 - name: Publish standard image to 4.x
 env:
 IMAGE_TAG: ${{ github.event.inputs.image_tag }}
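Review bot: The publish job only now receives an exclusion that the two build workflows already carried, which suggests the three copies of the scan settings (`severity`, `vuln-type`, `timeout`, `skip-files`) drift independently. Because this scan gates the image that is actually published, consider keeping the options in one shared Trivy config or ignore file referenced by all three jobs, so a suppression added or removed in one workflow cannot leave the publish scan stricter or laxer than the build scans. A file-level skip also presumably hides that path from every check the scanner runs, not only the one that raised the finding, so a finding-scoped ignore would be narrower if the tool supports one for this case. The step begins above the hunk, so the action in use is not visible here.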