Skip to content

Update testing.rst #153

Update testing.rst

Update testing.rst #153

Workflow file for this run

name: Check vulnerabilities
on:
push:
paths-ignore:
- '**.md'
pull_request:
branches:
- master
paths-ignore:
- '!**.md'
release:
types:
- released
jobs:
clone:
runs-on: ubuntu-22.04
steps:
- name: Setup Python
uses: actions/setup-python@v1
with:
python-version: '3.10'
architecture: x64
- name: Checkout pycsw
uses: actions/checkout@master
vulnerabilities:
needs: [clone]
runs-on: ubuntu-22.04
steps:
- name: Scan vulnerabilities with trivy
run: |
sudo apt-get install -y wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install -y trivy
trivy --exit-code 1 fs --scanners vuln,misconfig,secret --severity HIGH,CRITICAL --ignore-unfixed .