cs_betty/cartsnitch-fork-test
1
0
Fork 0
forked from cartsnitch/cartsnitch
Code Pull Requests Activity

fix: add only-fixed flag to Grype scans to skip unfixable CVEs

Browse Source 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Hugh Hackman
2026-04-15 00:28:56 +00:00
parent 1e8223caeb
commit bd2e8feff6
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/ci.yml
+4
View File
@@ -170,6 +170,7 @@ jobs:
image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}" image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true fail-build: true
severity-cutoff: high severity-cutoff: high
only-fixed: "true"
output-format: sarif output-format: sarif
- name: Upload frontend scan results to GitHub Security - name: Upload frontend scan results to GitHub Security
@@ -266,6 +267,7 @@ jobs:
image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}" image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true fail-build: true
severity-cutoff: high severity-cutoff: high
only-fixed: "true"
output-format: sarif output-format: sarif
- name: Upload auth scan results to GitHub Security - name: Upload auth scan results to GitHub Security
@@ -351,6 +353,7 @@ jobs:
image: "${{ env.REGISTRY }}/${{ env.RECEIPTWITNESS_IMAGE_NAME }}:sha-${{ github.sha }}" image: "${{ env.REGISTRY }}/${{ env.RECEIPTWITNESS_IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true fail-build: true
severity-cutoff: high severity-cutoff: high
only-fixed: "true"
output-format: sarif output-format: sarif
- name: Upload receiptwitness scan results to GitHub Security - name: Upload receiptwitness scan results to GitHub Security
@@ -436,6 +439,7 @@ jobs:
image: "${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}:sha-${{ github.sha }}" image: "${{ env.REGISTRY }}/${{ env.API_IMAGE_NAME }}:sha-${{ github.sha }}"
fail-build: true fail-build: true
severity-cutoff: high severity-cutoff: high
only-fixed: "true"
output-format: sarif output-format: sarif
- name: Upload api scan results to GitHub Security - name: Upload api scan results to GitHub Security