From 604194d1b87b2b029e3bd5322c13a98502d31aed Mon Sep 17 00:00:00 2001
From: Joe Previte
Date: Wed, 12 May 2021 10:25:07 -0700
Subject: [PATCH 1/3] fix: re-enable trivy-scan-repo
---
 .github/workflows/ci.yaml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 39a9136b1..98a7acdfc 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -466,16 +466,12 @@ jobs:
 # codeql/upload-sarif action per job
 trivy-scan-repo:
 runs-on: ubuntu-20.04
- # NOTE@jsjoeio 5/10/2021
- # Disabling until fixed upstream
- # See: https://github.com/aquasecurity/trivy-action/issues/22#issuecomment-833768084
- if: "1 == 2"
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
 - name: Run Trivy vulnerability scanner in repo mode
- #Commit SHA for v0.0.14
- uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+ #Commit SHA for v0.0.15
+ uses: aquasecurity/trivy-action@9789b6ae3b29487541292242e416cd89e4e54874
 with:
 scan-type: "fs"
 scan-ref: "."
From 065b1411067f1b77da83769998b3bbe3aa89e674 Mon Sep 17 00:00:00 2001
From: Joe Previte
Date: Wed, 12 May 2021 10:29:07 -0700
Subject: [PATCH 2/3] chore: update CHANGELOG
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 535dac363..6b7e6bcf6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -75,6 +75,7 @@ VS Code v1.56
 - chore: ignore updates to microsoft/playwright-github-action
 - fix(socket): use xdgBasedir.runtime instead of tmp #3304 @jsjoeio
+- fix(ci): re-enable trivy-scan-repo #3368 @jsjoeio
 ## 3.10.0
From 5fe76bdecf65e3f24c1adb3fdca8bba6d769f154 Mon Sep 17 00:00:00 2001
From: Joe Previte
Date: Wed, 12 May 2021 10:31:48 -0700
Subject: [PATCH 3/3] fix: update trivy-action to v0.0.17
---
 .github/workflows/ci.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 98a7acdfc..cb210d86a 100644
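Review bot: In [PATCH 1/3], re-enabling `trivy-scan-repo` puts `actions/checkout@v2` back into a running job under a mutable tag, while the scanner step right after it is pinned to a full commit SHA; a tag can be moved to different code after review, a SHA cannot. For a job that serves as a security check, both steps deserve the same pinning, e.g. `uses: actions/checkout@<full commit SHA of the audited v2 release>  # v2` (placeholder; the page does not give that SHA). The job's `with:` block continues past the end of the hunk, so whether findings fail the build or are only uploaded cannot be judged from the visible lines.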
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -446,8 +446,8 @@ jobs:
 path: ./release-images
 - name: Run Trivy vulnerability scanner in image mode
- # Commit SHA for v0.0.14
- uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+ # Commit SHA for v0.0.17
+ uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
 with:
 input: "./release-images/code-server-amd64-*.tar"
 scan-type: "image"
@@ -470,8 +470,8 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v2
 - name: Run Trivy vulnerability scanner in repo mode
- #Commit SHA for v0.0.15
- uses: aquasecurity/trivy-action@9789b6ae3b29487541292242e416cd89e4e54874
+ #Commit SHA for v0.0.17
+ uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
 with:
 scan-type: "fs"
 scan-ref: "."
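Review bot: The version label for the pinned action sits in a free-text comment on its own line, and the two hunks of [PATCH 3/3] spell it differently (`# Commit SHA for v0.0.17` in the image-mode step at -446, `#Commit SHA for v0.0.17` in the repo-mode step at -470). Nothing ties that comment to the SHA, and this series shows how the two copies drift: patch 1/3 moved only the repo-mode step to v0.0.15 while image mode stayed on v0.0.14. Putting the label on the pin line in both steps, `uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b # v0.0.17`, keeps SHA and version together in every later diff; the SHA should still be checked against the upstream v0.0.17 tag before merge, since nothing on the page confirms the mapping. Both steps' `with:` blocks run past the end of their hunks.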