From 0b1a76d9fca6df8cbe0facb994ad7bffa8832ffc Mon Sep 17 00:00:00 2001
From: Juan Antonio Osorio <ozz@stacklok.com>
Date: Fri, 20 Dec 2024 09:59:40 +0200
Subject: [PATCH] Only warn on critical issues for trivy (#253)

This is just a testing tool, we don't wanna be carrying weird vulns on
testing code, but this also isn't shipped anywhere.

Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>
---
 .github/workflows/trivy.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 027f82f..d347b39 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -17,6 +17,7 @@ jobs:
           scanners: vuln,secret
           exit-code: 1
           ignore-unfixed: true
+          severity: 'CRITICAL'
         env:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
           TRIVY_USERNAME: ${{ github.actor }}