From 2ce573b91f3fa6e5bc6f48b9274425ddbc48825b Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Tue, 26 Nov 2024 18:07:42 +0000 Subject: [PATCH] chore: only upload trivy results for main branch --- .github/workflows/ci.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d5d17b2..5a3697f 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -191,6 +191,7 @@ jobs: - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.29.0 + if: github.ref == 'refs/heads/main' with: image-ref: envbox:latest format: sarif @@ -199,12 +200,14 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab uses: github/codeql-action/upload-sarif@v2 + if: github.ref == 'refs/heads/main' with: sarif_file: trivy-results.sarif category: "Trivy" - name: Upload Trivy scan results as an artifact uses: actions/upload-artifact@v3 + if: github.ref == 'refs/heads/main' with: name: trivy path: trivy-results.sarif