diff --git a/.forgejo/workflows/ci.yaml b/.forgejo/workflows/ci.yaml
index be25880..e597670 100644
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@@ -66,29 +66,29 @@ jobs:
 echo "IMAGE_REF=${IMAGE_REF}" >> "${GITHUB_ENV}"
 docker build -t "${IMAGE_REF}" .
- - name: Trivy scan (securecodebox)
- run: |
- docker run --rm \
- -v /var/run/docker.sock:/var/run/docker.sock \
- -v "${PWD}:/workspace" \
- -w /workspace \
- harbor.k8s.sk4.nz/docker-mirror/aquasec/trivy:latest \
- image --no-progress --format json --output trivy-results.json "${IMAGE_REF}"
-
- - name: Upload to DefectDojo
- run: |
- curl -sSf -X POST "${DEFECTDOJO_URL}/api/v2/import-scan/" \
- -H "Authorization: Token ${DEFECTDOJO_API_KEY}" \
- -F "scan_type=Trivy Scan" \
- -F "minimum_severity=Low" \
- -F "product_type_name=${DEFECTDOJO_PRODUCT_TYPE}" \
- -F "product_name=${DEFECTDOJO_PRODUCT}" \
- -F "engagement_name=${DEFECTDOJO_ENGAGEMENT}" \
- -F "file=@trivy-results.json" \
- -F "verified=true" \
- -F "active=true"
- env:
- DEFECTDOJO_API_KEY: ${{ secrets.DEFECTDOJO_API_KEY }}
+# - name: Trivy scan (securecodebox)
+# run: |
+# docker run --rm \
+# -v /var/run/docker.sock:/var/run/docker.sock \
+# -v "${PWD}:/workspace" \
+# -w /workspace \
+# harbor.k8s.sk4.nz/docker-mirror/aquasec/trivy:latest \
+# image --no-progress --format json --output trivy-results.json "${IMAGE_REF}"
+#
+# - name: Upload to DefectDojo
+# run: |
+# curl -sSf -X POST "${DEFECTDOJO_URL}/api/v2/import-scan/" \
+# -H "Authorization: Token ${DEFECTDOJO_API_KEY}" \
+# -F "scan_type=Trivy Scan" \
+# -F "minimum_severity=Low" \
+# -F "product_type_name=${DEFECTDOJO_PRODUCT_TYPE}" \
+# -F "product_name=${DEFECTDOJO_PRODUCT}" \
+# -F "engagement_name=${DEFECTDOJO_ENGAGEMENT}" \
+# -F "file=@trivy-results.json" \
+# -F "verified=true" \
+# -F "active=true"
+# env:
+# DEFECTDOJO_API_KEY: ${{ secrets.DEFECTDOJO_API_KEY }}
 - name: Login to registry (push)
 run: |
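Review bot: With the Trivy scan and the DefectDojo import commented out, the `Login to registry (push)` step that follows now runs on an image that was never scanned, and nothing in the workflow records why or for how long. If the scanner is only failing temporarily, keeping both steps and marking them `continue-on-error: true` (confirm this Forgejo runner honours it) would preserve the findings without blocking the build. If they must stay disabled, replace the commented-out block with a single line such as `# TODO(<tracking-issue>): Trivy scan + DefectDojo import disabled, <reason>; re-enable before release` so the gap is visible in review rather than buried in dead YAML. When the step comes back, the `aquasec/trivy:latest` tag is worth pinning to a version or digest, since that container is given the Docker socket. The push step's `run:` body continues outside the hunk.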