Change workflow for scanning cves

streamnative · May 7, 2024 · 170902d · 170902d
1 parent 0a26bfe
commit 170902d
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 43 deletions.
diff --git a/.github/workflows/test-function-runner.yml b/.github/workflows/test-function-runner.yml
@@ -59,48 +59,6 @@ jobs:
         run: |
           PULSAR_IMAGE_TAG=3.2.2.1 PULSAR_IMAGE=streamnative/sn-platform KIND_PUSH=false images/build.sh
 
-      - name: Run Trivy vulnerability scanner for java
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-java-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
-      - name: Run Trivy vulnerability scanner for python
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-python-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
-      - name: Run Trivy vulnerability scanner for go
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-go-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
-      - name: Run Trivy vulnerability scanner for java with pulsarctl
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-pulsarctl-java-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
-      - name: Run Trivy vulnerability scanner for python with pulsarctl
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-pulsarctl-python-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
-      - name: Run Trivy vulnerability scanner for go with pulsarctl
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: 'pulsar-functions-pulsarctl-go-runner:latest'
-          format: 'table'
-          exit-code: '1'
-
       - name: Verify function runner
         run: |
           .ci/verify_function_runner.sh

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -59,4 +59,51 @@ jobs:
         with:
           image-ref: 'function-mesh-operator:latest'
           format: 'table'
-          exit-code: '1'
+          exit-code: '1'
+
+      - name: Build runner images
+        run: |
+          PULSAR_IMAGE_TAG=3.2.2.5 PULSAR_IMAGE=streamnative/sn-platform KIND_PUSH=false images/build.sh
+
+      - name: Run Trivy vulnerability scanner for java
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-java-runner:latest'
+          format: 'table'
+          exit-code: '1'
+
+      - name: Run Trivy vulnerability scanner for python
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-python-runner:latest'
+          format: 'table'
+          exit-code: '1'
+
+      - name: Run Trivy vulnerability scanner for go
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-go-runner:latest'
+          format: 'table'
+          exit-code: '1'
+
+      - name: Run Trivy vulnerability scanner for java with pulsarctl
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-pulsarctl-java-runner:latest'
+          format: 'table'
+          exit-code: '1'
+
+      - name: Run Trivy vulnerability scanner for python with pulsarctl
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-pulsarctl-python-runner:latest'
+          format: 'table'
+          exit-code: '1'
+
+      - name: Run Trivy vulnerability scanner for go with pulsarctl
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'pulsar-functions-pulsarctl-go-runner:latest'
+          format: 'table'
+          exit-code: '1'
+