Commit d116ba9

Fix: [AEA-0000] - Always run valid trivy scans even if a previous scan failed, so that all vulnerabilities are identified at once. Shorten feedback cycle for vulnerabilities across multiple scans. (#78)
## Summary

- Routine Change

### Details

Always run required trivy vulnerability scans for all that apply, even if the previous scan has identified vulnerabilities and has failed. This shortens the feedback cycle for vulnerabilities across multiple scan types.

---------

Signed-off-by: Connor Avery <214469360+connoravo-nhs@users.noreply.github.com>
Co-authored-by: tstephen-nhs <231503406+tstephen-nhs@users.noreply.github.com>
1 parent aac5b79 commit d116ba9

1 file changed

+4
-4
lines changed

.github/workflows/quality-checks.yml

Lines changed: 4 additions & 4 deletions
@@ -263,7 +263,7 @@ jobs:
263263
path: sbom.cdx.json
264264

265265
- name: Check python vulnerabilities
266-
if: ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
266+
if: ${{ always() && steps.check_languages.outputs.uses_poetry == 'true'}}
267267
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
268268
with:
269269
scan-type: "fs"
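Review bot: `always()` in the new condition on line 266 makes the python scan run even when the workflow run has been cancelled, so a cancelled job keeps running trivy. `if: ${{ !cancelled() && steps.check_languages.outputs.uses_poetry == 'true' }}` still runs the scan after an earlier scan step has failed but respects cancellation; the same applies to the node, go and java conditions. Minor style point: this line ends `'true'}}` without the space before `}}` that the other three conditions have.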
@@ -276,7 +276,7 @@ jobs:
276276
exit-code: "1"
277277
trivy-config: trivy.yaml
278278
- name: Check node vulnerabilities
279-
if: ${{ steps.check_languages.outputs.uses_node == 'true' }}
279+
if: ${{ always() && steps.check_languages.outputs.uses_node == 'true' }}
280280
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
281281
with:
282282
scan-type: "fs"
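Review bot: The `always()` added to the node scan condition on line 279 has no comment explaining why it is there, and the same expression is now repeated across four steps. A one-line YAML comment above the step, saying that the scan must still run after an earlier scan step has failed, would stop a later tidy-up from removing it as redundant.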
@@ -289,7 +289,7 @@ jobs:
289289
exit-code: "1"
290290
trivy-config: trivy.yaml
291291
- name: Check go vulnerabilities
292-
if: ${{ steps.check_languages.outputs.uses_go == 'true' }}
292+
if: ${{ always() && steps.check_languages.outputs.uses_go == 'true' }}
293293
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
294294
with:
295295
scan-type: "fs"
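Review bot: The condition on line 292 is broader than the intent stated in the commit message, which is to continue after a previous scan has failed: `always()` ignores the failure of any earlier step in the job, not only the trivy scans. If the go scan should not run when a non-scan step before it has failed, add a check on that step's result, for example `steps.check_languages.outcome == 'success'`, alongside the `uses_go` test.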
@@ -301,7 +301,7 @@ jobs:
301301
output: "dependency_results_go.txt"
302302
exit-code: "1"
303303
- name: Check java vulnerabilities
304-
if: ${{ steps.check_languages.outputs.uses_java == 'true' }}
304+
if: ${{ always() && steps.check_languages.outputs.uses_java == 'true' }}
305305
uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478
306306
with:
307307
scan-type: "fs"
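Review bot: The steps that consume the scan output files, such as `dependency_results_go.txt` in the context at line 301, are not touched by this change and need checking. Each scan still fails the job through `exit-code: "1"`, so any later step that prints or uploads these result files is skipped after a failed scan unless its own `if:` also runs after failure. If such a step exists, give it a matching condition so the findings from every scan reach the reviewer in one run.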
