Merge pull request #37 from openHPI/trivy

Checkout code for trivy analysis
2021-11-17 09:00:14 +01:00
parent 051c62b43b fef7d951d2
commit aa87556a45
1 changed files with 2 additions and 1 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -86,6 +86,8 @@ jobs:
    runs-on: ubuntu-latest
    needs: [ compile ]
    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@master
        with:
@ -94,7 +96,6 @@ jobs:
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'HIGH,CRITICAL'
-          exit-code: '1'
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with: