diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index a8be8a11..89464197 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -1,6 +1,6 @@
 #################################################################################
-# Copyright (c) 2022,2023 T-Systems International GmbH
-# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
+# Copyright (c) 2022,2024 T-Systems International GmbH
+# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -19,18 +19,15 @@
 ################################################################################
 name: "Trivy"
+
 on:
- push:
- branches:
- - main
 schedule:
- # Once a day
- - cron: "0 0 * * *"
+ - cron: "0 0 * * 0"
 workflow_dispatch:
- # Trigger manually
 jobs:
- analyze-config:
+ analyze:
+ name: Analyze
 runs-on: ubuntu-latest
 permissions:
 actions: read
@@ -38,16 +35,18 @@ jobs:
 security-events: write
 steps:
-
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@0.12.0
+ uses: aquasecurity/trivy-action@0.18.0
 with:
- image-ref: "tractusx/sdfactory:latest"
+ image-ref: "tractusx/sdfactory:latest" # Pull image from Docker Hub and run Trivy vulnerability scanner
 format: "sarif"
 output: "trivy-results.sarif"
- vuln-type: "os,library"
+ exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
+ severity: "CRITICAL,HIGH" # While vulnerabilities of all severities are reported in the SARIF output, the exit code and workflow failure are triggered only by these specified severities (CRITICAL or HIGH).
+ hide-progress: false
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
+ if: always()
 with:
- sarif_file: "trivy-results.sarif"
\ No newline at end of file
+ sarif_file: "trivy-results.sarif"
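Review bot: Both `uses:` lines in the last hunk reference mutable tags (`aquasecurity/trivy-action@0.18.0`, `github/codeql-action/upload-sarif@v3`), so this job, which holds `security-events: write`, executes whatever commit those tags resolve to at run time; pinning to a full commit SHA with the version kept in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha> # v0.18.0`, makes the steps reproducible and tamper-evident. The new comment on `severity:` states that all severities are still reported in the SARIF output, but as far as I know Trivy's severity input filters what is reported rather than only what fails the step, so the uploaded SARIF would then contain CRITICAL/HIGH findings only; please verify against the action's documentation and correct the comment (or drop `severity:` if full reporting is the goal) if that is the case. Separately, the second hunk moves the cron from daily to weekly and removes the push trigger without replacing the deleted `# Once a day` comment, so a newly published `latest` image can go up to a week unscanned; a one-line comment next to the cron stating that this cadence is intentional would help the next reader.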
diff --git a/README.md b/README.md
index eb83bc5b..12a52ed9 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ further processing.
 ```shell
 Software version: 2.1.10
-Helm Chart version: 2.1.14
+Helm Chart version: 2.1.15
 ```
diff --git a/charts/sdfactory/Chart.yaml b/charts/sdfactory/Chart.yaml
index 3e92c008..3a714b85 100644
--- a/charts/sdfactory/Chart.yaml
+++ b/charts/sdfactory/Chart.yaml
@@ -38,7 +38,7 @@ sources:
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "2.1.14"
+version: "2.1.15"
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/sdfactory/README.md b/charts/sdfactory/README.md
index a5d9eb31..66545a5a 100644
--- a/charts/sdfactory/README.md
+++ b/charts/sdfactory/README.md
@@ -1,6 +1,6 @@
 # sdfactory
-![Version: 2.1.14](https://img.shields.io/badge/Version-2.1.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.10](https://img.shields.io/badge/AppVersion-2.1.10-informational?style=flat-square)
+![Version: 2.1.15](https://img.shields.io/badge/Version-2.1.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.10](https://img.shields.io/badge/AppVersion-2.1.10-informational?style=flat-square)
 Helm Charts for SD Factory application. Self-Description Factory component is responsible for the creation of Self Descriptions.