test

benjaminjb · benjaminjb · commit e3a2b9edcf6c · 2023-01-20T16:27:57.000-06:00
diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
@@ -15,13 +15,23 @@ on:
 
 jobs:
   scan:
+    permissions:
+      # contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-latest
 
-    if: ${{ github.repository == 'CrunchyData/postgres-operator' }}
+    #if: ${{ github.repository == 'CrunchyData/postgres-operator' }}
 
     steps:
       - uses: actions/checkout@v3
 
+      - name: Log all detected vulnerabilities
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: fs
+          hide-progress: true
+          # exit-code: 1
+
       # Upload actionable results to the GitHub Security tab.
       # Pull request checks fail according to repository settings.
       #
@@ -35,7 +45,6 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
           hide-progress: true
-          exit-code: 1
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
