Merge pull request #1308 from znsio/fail_docker_scan_for_high_vul

Vulnerability Scan stage for docker should fail for HIGH/CRITICAL
znsio · Sep 25, 2024 · 7a7faec · 7a7faec
2 parents e6f5106 + 6860fea
commit 7a7faec
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -1,6 +1,8 @@
 name: Manual Release Build and Docker Image
 
 on:
+  repository_dispatch:
+    types: [specmatic-core-release]
   workflow_dispatch:
 
 jobs:
@@ -41,7 +43,11 @@ jobs:
         uses: aquasecurity/trivy-action@0.24.0
         with:
           image-ref: znsio/specmatic:${{ steps.read_version.outputs.VERSION }}
-        continue-on-error: true
+          severity: HIGH,CRITICAL
+          exit-code: '1'
+          ignore-unfixed: true
+          format: table
+          vulnerability-type: os,library
 
       - name: Push Docker Image
         run: docker push znsio/specmatic:${{ steps.read_version.outputs.VERSION }}