Add CVE-2025-0395 to .trivyignore (#1362)

* fixing trivy issue * updated description for trivyignore.yaml * removed trivyignore.yaml and adding plain text * fixing trivy issue * updated description for trivyignore.yaml * removed trivyignore.yaml and adding plain text * including trivyignore
securefederatedai · Feb 12, 2025 · a64af0b · a64af0b
1 parent 72c70d5
commit a64af0b
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -55,6 +55,12 @@ jobs:
           --db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
           .
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Code Vulnerability Scan Results
         uses: actions/upload-artifact@v4
         with:
@@ -71,9 +77,16 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+          trivyignores: '.trivyignore'
         env:
           TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db'
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Docker Vulnerability Scan
         uses: actions/upload-artifact@v4
         with:
@@ -91,6 +104,12 @@ jobs:
           --db-repository 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db' \
           .
   
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Code Vulnerability Scan Results
         uses: actions/upload-artifact@v4
         with:
@@ -107,9 +126,16 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH,MEDIUM,LOW'
+          trivyignores: '.trivyignore'
         env:
           TRIVY_DB_REPOSITORY: 'ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db'
 
+      - name: Display Trivy Scan Results
+        if: failure()  # Ensure this step runs regardless of the previous step's outcome
+        run: |
+          echo "Trivy Scan Results:"
+          cat trivy-docker-results.json | jq '.Results[] | select(.Vulnerabilities != null) | .Vulnerabilities[] | {VulnerabilityID, PkgName, InstalledVersion, Severity, Description}'
+
       - name: Upload Docker Vulnerability Scan
         uses: actions/upload-artifact@v4
         with:

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# Accept the risk
+CVE-2025-0395