chore: only upload trivy results for main branch

coder · Nov 26, 2024 · 2ce573b · 2ce573b
1 parent 2f74185
commit 2ce573b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -191,6 +191,7 @@ jobs:
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/[email protected]
+        if: github.ref == 'refs/heads/main'
         with:
           image-ref: envbox:latest
           format: sarif
@@ -199,12 +200,14 @@ jobs:
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
+        if: github.ref == 'refs/heads/main'
         with:
           sarif_file: trivy-results.sarif
           category: "Trivy"
 
       - name: Upload Trivy scan results as an artifact
         uses: actions/upload-artifact@v3
+        if: github.ref == 'refs/heads/main'
         with:
           name: trivy
           path: trivy-results.sarif