remove all fields from trivy result json that are dependent on file paths or image hashes
rikukissa committed Oct 29, 2024
1 parent 2f630b3 commit 043f73f
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/build-images-from-branch.yml
Expand Up @@ -153,8 +153,8 @@ jobs:

- name: Remove lines that are always expected to be different
run: |
sed -i '/"uri": "file:\/\/\/github\/workspace\/base\//d' ${{ github.workspace }}/trivy-results-base.sarif
sed -i '/"uri": "file:\/\/\/github\/workspace\/branch\//d' ${{ github.workspace }}/trivy-results-branch.sarif
jq '.runs |= map(del(.originalUriBaseIds, .properties))' ${{ github.workspace }}/trivy-results-base.sarif > ${{ github.workspace }}/trivy-results-base.sarif
jq '.runs |= map(del(.originalUriBaseIds, .properties))' ${{ github.workspace }}/trivy-results-branch.sarif > ${{ github.workspace }}/trivy-results-branch.sarif
- name: Diff Trivy results to catch newly introduced vulnerabilities
run: diff -u ./trivy-results-base.sarif ./trivy-results-branch.sarif
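Review bot: Both `jq` lines in this step redirect their output onto the file they are reading (`jq ... trivy-results-base.sarif > ... trivy-results-base.sarif`). The shell truncates the redirect target before `jq` starts, so `jq` gets empty input and each SARIF file ends up empty. Write to a temporary file and move it over the original, for example `jq '.runs |= map(del(.originalUriBaseIds, .properties))' "$f" > "$f.tmp" && mv "$f.tmp" "$f"`, for both the base and the branch file.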
4 changes: 2 additions & 2 deletions .github/workflows/security-scans.yml
Expand Up @@ -84,8 +84,8 @@ jobs:

- name: Remove lines that are always expected to be different
run: |
sed -i '/"uri": "file:\/\/\/home\/runner\/work\/opencrvs-core\/opencrvs-core\/base\/"/d' ./trivy-results-base.sarif
sed -i '/"uri": "file:\/\/\/home\/runner\/work\/opencrvs-core\/opencrvs-core\/branch\/"/d' ./trivy-results-branch.sarif
jq '.runs |= map(del(.originalUriBaseIds, .properties))' ./trivy-results-base.sarif > ./trivy-results-base.sarif
jq '.runs |= map(del(.originalUriBaseIds, .properties))' ./trivy-results-branch.sarif > ./trivy-results-branch.sarif
- name: Diff Trivy results to catch newly introduced vulnerabilities
run: diff -u ./trivy-results-base.sarif ./trivy-results-branch.sarif
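Review bot: The `jq` lines here read `./trivy-results-base.sarif` and `./trivy-results-branch.sarif` and redirect back onto the same paths, which empties both files before `jq` reads them. The `diff -u` step that follows then compares two empty files and exits 0 whatever Trivy reported. Route the `jq` output through a temporary file and rename it, and consider failing the step when either result is empty (`test -s ./trivy-results-base.sarif`) so the check cannot pass silently. The step name also still says "Remove lines" although it now deletes fields.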
