From cc7efc44c3df60c26a91b9afc31a45a2b424f4e3 Mon Sep 17 00:00:00 2001
From: Gian Miguel Del Mundo
Date: Wed, 24 Apr 2024 15:59:14 +0800
Subject: [PATCH 1/3] Added build-and-test pipeline for vuln scanning
---
 .github/workflows/build-and-test.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 .github/workflows/build-and-test.yaml
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
new file mode 100644
index 00000000..6e5d8112
--- /dev/null
+++ b/.github/workflows/build-and-test.yaml
@@ -0,0 +1,9 @@
+name: Build and Test
+on: [pull_request, push, workflow_dispatch]
+
+jobs:
+ build:
+ uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@v2
+ secrets: inherit
+ with:
+ vulnerability_scan_only: true
From a3c8618803e23f45df95136d4f299b9aa6f557c9 Mon Sep 17 00:00:00 2001
From: Gian Miguel Del Mundo
Date: Wed, 24 Apr 2024 16:00:31 +0800
Subject: [PATCH 2/3] Added .trivyignore
---
 .trivyignore | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 .trivyignore
diff --git a/.trivyignore b/.trivyignore
new file mode 100644
index 00000000..3aa85f54
--- /dev/null
+++ b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/
+# for more details
+# e.g.
+# CVE-2022-3996
From 6c1d4c3e461896f7603c95728d0d60f97f419ed7 Mon Sep 17 00:00:00 2001
From: Gian Miguel Del Mundo
Date: Fri, 26 Apr 2024 12:19:26 +0800
Subject: [PATCH 3/3] Removed workflow_dispatch from build-and-test
---
 .github/workflows/build-and-test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 6e5d8112..6749c269 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
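Review bot: In the new `.github/workflows/build-and-test.yaml` (patch 1/3), the reusable workflow is referenced by the movable tag `@v2` while `secrets: inherit` hands it every secret this repository can see, so whoever can move that tag in `IABTechLab/uid2-shared-actions` decides what code runs with those secrets. Pinning to a full commit SHA makes the reference immutable: `uses: IABTechLab/uid2-shared-actions/.github/workflows/shared-build-and-test.yaml@<full-commit-sha>  # v2`. If the scan-only path needs few or no secrets (not visible from this patch), an explicit `secrets:` map limited to those is tighter than `inherit`. The file also sets no `permissions:` key, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would make the minimum explicit, provided the called workflow does not need more.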
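Review bot: The header comment in the new `.trivyignore` (patch 2/3) says accepted vulnerabilities go here but sets no convention for recording why an entry was accepted or for how long, so suppressions added later tend to become permanent and unexplained. I would extend the comment to ask for a justification line above each entry and an expiry on it, e.g. `# <reason / owner / ticket>` followed by `CVE-XXXX-NNNNN exp:<YYYY-MM-DD>`. The `exp:` suffix is supported by newer Trivy releases than the v0.35 docs linked here, so check which version the shared workflow runs. Minor wording: `any vulnerability that are` should read `any vulnerabilities that are`.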
@@ -1,5 +1,5 @@
 name: Build and Test
-on: [pull_request, push, workflow_dispatch]
+on: [pull_request, push]
 jobs:
 build:
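Review bot: With `workflow_dispatch` removed, `on: [pull_request, push]` means the vulnerability scan runs only when code changes, so a CVE published against an unchanged dependency is not reported until the next commit or pull request. A `schedule` trigger would close that gap; it needs `on:` in mapping form as below, and the cron value shown is a constructed example. Whether the shared workflow behaves sensibly on scheduled runs is not visible from this patch. The `jobs:` block continues past the end of the hunk.

```yaml
on:
  pull_request:
  push:
  schedule:
    - cron: '0 6 * * 1'  # constructed example: weekly run
# … unchanged: jobs.build …
```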