Revert "Include args when using trivy config file (#231 )"

Fixes: https://github.com/aquasecurity/trivy-action/issues/238 This reverts commit 82ec0dd604.
bump trivy to v0.42.1 (#240 )
2023-06-09 16:37:19 -06:00 · 2023-06-09 12:01:09 -06:00 · 2023-06-05 11:19:20 -06:00 · 2023-06-05 11:12:39 -06:00 · 2023-06-05 11:08:24 -06:00 · 2023-05-31 14:47:20 -06:00
5 changed files with 10 additions and 6 deletions
@@ -1,7 +1,7 @@
 name: "build"
 on: [push, pull_request]
 env:
-  TRIVY_VERSION: 0.40.0
+  TRIVY_VERSION: 0.42.1
  BATS_LIB_PATH: '/usr/lib/'
 jobs:
  build:
@@ -1,4 +1,4 @@
-FROM ghcr.io/aquasecurity/trivy:0.40.0
+FROM ghcr.io/aquasecurity/trivy:0.42.1
 COPY entrypoint.sh /
 RUN apk --no-cache add bash curl npm
 RUN chmod +x /entrypoint.sh
@@ -105,6 +105,7 @@ if [ $template ] ;then
 fi
 if [ $exitCode ];then
 ARGS="$ARGS --exit-code $exitCode"
+ SARIF_ARGS="$SARIF_ARGS --exit-code $exitCode"
 fi
 if [ "$ignoreUnfixed" == "true" ] && [ "$scanType" != "config" ];then
  ARGS="$ARGS --ignore-unfixed"
@@ -169,6 +170,8 @@ if [ "$skipFiles" ];then
 fi

 trivyConfig=$(echo $trivyConfig | tr -d '\r')
+# To make sure that uploda GitHub Dependency Snapshot succeeds, disable the script that fails first.
+set +e
 if [ "${format}" == "sarif" ] && [ "${limitSeveritiesForSARIF}" != "true" ]; then
  # SARIF is special. We output all vulnerabilities,
  # regardless of severity level specified in this report.
@@ -186,6 +189,7 @@ else
   returnCode=$?
 fi

+set -e
 if [[ "${format}" == "github" ]]; then
  if [[ "$(echo $githubPAT | xargs)" != "" ]]; then
    printf "\n Uploading GitHub Dependency Snapshot"
@@ -1,6 +1,6 @@
 {
  "version": "2.1.0",
-  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "runs": [
    {
      "tool": {
@@ -64,7 +64,7 @@
              }
            }
          ],
-          "version": "0.40.0"
+          "version": "0.42.1"
        }
      },
      "results": [
@@ -1,6 +1,6 @@
 {
  "version": "2.1.0",
-  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
+  "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
  "runs": [
    {
      "tool": {
@@ -37,7 +37,7 @@
              }
            }
          ],
-          "version": "0.40.0"
+          "version": "0.42.1"
        }
      },
      "results": [
Author	SHA1	Message	Date
Simar	41f05d9ecf	Revert "Include args when using trivy config file (#231 )" Fixes: https://github.com/aquasecurity/trivy-action/issues/238 This reverts commit `82ec0dd604`.	2023-06-09 16:37:19 -06:00
Daniel Chabr	0cd397afbf	bump trivy to v0.42.1 (#240 ) * bump trivy to v0.42.1 * revert formatting	2023-06-09 12:01:09 -06:00
Roger Coll	b43daad0c3	feat: add exit-code parameter to sarif format (#213 )	2023-06-05 11:19:20 -06:00
abriko	dedfa59531	Enhance GitHub Dependency Snapshot upload (#233 )	2023-06-05 11:12:39 -06:00
Daniel Chabr	f96f79aa22	bump trivy to v0.42.0 (#237 ) * chore(deps): update trivy to v0.42.0 * revert formatting * revert formatting again * update sarif version in tests	2023-06-05 11:08:24 -06:00
Herman Wika Horn	82ec0dd604	Include args when using trivy config file (#231 ) Previously, arguments provided using regular flags were ignored if a trivy config file was provided Note that this pull request makes no effort to deduce or merge desired argument if the same configuration with different values are provided both within the config file and as flags. Behaviour for this case would develop on the implementation of trivy	2023-05-31 14:47:20 -06:00