diff --git a/.github/workflows/pulsar-ci.yaml b/.github/workflows/pulsar-ci.yaml
index 03e83e11a5bc9..68d5362ce90ac 100644
--- a/.github/workflows/pulsar-ci.yaml
+++ b/.github/workflows/pulsar-ci.yaml
@@ -996,25 +996,25 @@ jobs:
 - name: Check binary licenses
 run: src/check-binary-license.sh ./distribution/server/target/apache-pulsar-*-bin.tar.gz && src/check-binary-license.sh ./distribution/shell/target/apache-pulsar-shell-*-bin.tar.gz
-# - name: Run Trivy container scan
-# id: trivy_scan
-# uses: aquasecurity/trivy-action@v0.35.0
-# if: ${{ github.repository == 'apache/pulsar' && github.event_name != 'pull_request' }}
-# continue-on-error: true
-# with:
-# image-ref: "apachepulsar/pulsar:latest"
-# scanners: vuln
-# severity: CRITICAL,HIGH,MEDIUM,LOW
-# limit-severities-for-sarif: true
-# format: 'sarif'
-# output: 'trivy-results.sarif'
-#
-# - name: Upload Trivy scan results to GitHub Security tab
-# uses: github/codeql-action/upload-sarif@v3
-# if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 'apache/pulsar' && github.event_name != 'pull_request' }}
-# continue-on-error: true
-# with:
-# sarif_file: 'trivy-results.sarif'
+ - name: Run Trivy container scan
+ id: trivy_scan
+ uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1
+ if: ${{ github.repository == 'apache/pulsar' && github.event_name != 'pull_request' }}
+ continue-on-error: true
+ with:
+ image-ref: "apachepulsar/pulsar:latest"
+ scanners: vuln
+ severity: CRITICAL,HIGH,MEDIUM,LOW
+ limit-severities-for-sarif: true
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ if: ${{ steps.trivy_scan.outcome == 'success' && github.repository == 'apache/pulsar' && github.event_name != 'pull_request' }}
+ continue-on-error: true
+ with:
+ sarif_file: 'trivy-results.sarif'
 - name: Clean up disk space
 if: ${{ matrix.base.save_artifact }}
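Review bot: The upload step still references `github/codeql-action/upload-sarif@v3`, a mutable tag, while the scan step in the same hunk is now pinned to a full commit SHA; the upload step runs with whatever token permissions the job grants, so it deserves the same pinning, e.g. `uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA_PLACEHOLDER> # v3`. The pinned trivy-action line would also benefit from a trailing comment naming the release the SHA corresponds to, so reviewers and dependency-update tooling can verify it. Separately, both steps set `continue-on-error: true` and the upload is gated on `steps.trivy_scan.outcome == 'success'`, so a failing scan leaves the job green with nothing uploaded; consider a follow-up step that emits a warning when the outcome is `failure`. The job's `permissions` block lies outside this hunk, so whether `security-events: write` is granted for the upload cannot be confirmed from here.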