|
|
@ -167,9 +167,9 @@ if [ $trivyConfig ]; then
|
|
|
|
trivy --config $trivyConfig ${scanType} ${artifactRef}
|
|
|
|
trivy --config $trivyConfig ${scanType} ${artifactRef}
|
|
|
|
returnCode=$?
|
|
|
|
returnCode=$?
|
|
|
|
else
|
|
|
|
else
|
|
|
|
echo "Running trivy with options: ${ARGS}" "${artifactRef}"
|
|
|
|
echo "Running trivy with options: trivy ${scanType} ${ARGS}" "${artifactRef}"
|
|
|
|
echo "Global options: " "${GLOBAL_ARGS}"
|
|
|
|
echo "Global options: " "${GLOBAL_ARGS}"
|
|
|
|
trivy $GLOBAL_ARGS ${scanType} $ARGS ${artifactRef}
|
|
|
|
trivy $GLOBAL_ARGS ${scanType} ${ARGS} ${artifactRef}
|
|
|
|
returnCode=$?
|
|
|
|
returnCode=$?
|
|
|
|
fi
|
|
|
|
fi
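Review bot: The rewritten call `trivy $GLOBAL_ARGS ${scanType} ${ARGS} ${artifactRef}` only adds braces, so `${scanType}` and `${artifactRef}` are still unquoted, and an artifact reference containing whitespace or glob characters is split into extra words that trivy may parse as options. Each of these is a single value, so quote them: `trivy $GLOBAL_ARGS "${scanType}" ${ARGS} "${artifactRef}"`, leaving the two argument strings unquoted only because they are meant to split. The same applies to `$trivyConfig` and `${artifactRef}` in the `--config` branch. The new echo also writes the full `${ARGS}` to the job log; if any option can carry a credential (not visible from this hunk), it should be masked before printing. The enclosing `if` begins above the hunk.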
|
|
|
|
|
|
|
|
|
|
|
@ -181,9 +181,13 @@ if [[ "${format}" == "sarif" ]]; then
|
|
|
|
trivy --quiet ${scanType} --format sarif --output ${output} $SARIF_ARGS ${artifactRef}
|
|
|
|
trivy --quiet ${scanType} --format sarif --output ${output} $SARIF_ARGS ${artifactRef}
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [[ "${format}" == "github" ]] && [[ "$(echo $githubPAT | xargs)" != "" ]]; then
|
|
|
|
if [[ "${format}" == "github" ]]; then
|
|
|
|
echo "Uploading GitHub Dependency Snapshot"
|
|
|
|
if [[ "$(echo $githubPAT | xargs)" != "" ]]; then
|
|
|
|
curl -u "${githubPAT}" -H 'Content-Type: application/json' 'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
|
|
|
|
printf "\n Uploading GitHub Dependency Snapshot"
|
|
|
|
|
|
|
|
curl -u "${githubPAT}" -H 'Content-Type: application/json' 'https://api.github.com/repos/'$GITHUB_REPOSITORY'/dependency-graph/snapshots' -d @./$(echo $output | xargs)
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
printf "\n Failing GitHub Dependency Snapshot. Missing github-pat"
|
|
|
|
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
exit $returnCode
|
|
|
|
exit $returnCode
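Review bot: The new `else` branch prints "Failing GitHub Dependency Snapshot. Missing github-pat" but never changes `returnCode`, so the script still exits with trivy's status and a skipped upload looks like a successful run. If the step is meant to fail, set `returnCode=1` in that branch and send the message to stderr: `printf '\n Failing GitHub Dependency Snapshot. Missing github-pat\n' >&2`. The upload itself is also unchecked: `curl` has no `--fail` and its exit status is discarded, so an HTTP 401 or 403 from the API goes unnoticed. Separately, `curl -u "${githubPAT}"` and `echo $githubPAT | xargs` both place the token on a process command line; the emptiness test can be done in the shell with `[[ -n "${githubPAT//[[:space:]]/}" ]]`, and the credential can be given to curl through a config read from stdin. `$GITHUB_REPOSITORY` and `$output` should be quoted in the URL and the `-d @` path.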
|
|
|
|