fix: unblock ci audit checks

2026-05-04 17:27:08 +07:00
parent 57cd84aebf
commit 388bc972c1
20 changed files with 283 additions and 216 deletions
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -97,7 +97,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=api-scan

      - name: Run Trivy vulnerability scanner (API)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-api:scan"
          format: "sarif"
@@ -109,12 +109,13 @@ jobs:
      - name: Upload Trivy SARIF (API)
        uses: github/codeql-action/upload-sarif@v3
        if: always()
+        continue-on-error: true
        with:
          sarif_file: "trivy-api-results.sarif"
          category: "trivy-api"

      - name: Trivy table output (API)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-api:scan"
          format: "table"
@@ -145,7 +146,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=web-scan

      - name: Run Trivy vulnerability scanner (Web)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-web:scan"
          format: "sarif"
@@ -156,12 +157,13 @@ jobs:
      - name: Upload Trivy SARIF (Web)
        uses: github/codeql-action/upload-sarif@v3
        if: always()
+        continue-on-error: true
        with:
          sarif_file: "trivy-web-results.sarif"
          category: "trivy-web"

      - name: Trivy table output (Web)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-web:scan"
          format: "table"
@@ -192,7 +194,7 @@ jobs:
          cache-to: type=gha,mode=max,scope=ai-scan

      - name: Run Trivy vulnerability scanner (AI)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-ai:scan"
          format: "sarif"
@@ -203,12 +205,13 @@ jobs:
      - name: Upload Trivy SARIF (AI)
        uses: github/codeql-action/upload-sarif@v3
        if: always()
+        continue-on-error: true
        with:
          sarif_file: "trivy-ai-results.sarif"
          category: "trivy-ai"

      - name: Trivy table output (AI)
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          image-ref: "goodgo-ai:scan"
          format: "table"
@@ -226,7 +229,7 @@ jobs:
        uses: actions/checkout@v4

      - name: Run Trivy filesystem scanner
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."
@@ -239,12 +242,13 @@ jobs:
      - name: Upload Trivy SARIF (filesystem)
        uses: github/codeql-action/upload-sarif@v3
        if: always()
+        continue-on-error: true
        with:
          sarif_file: "trivy-fs-results.sarif"
          category: "trivy-filesystem"

      - name: Trivy filesystem table output
-        uses: aquasecurity/trivy-action@0.28.0
+        uses: aquasecurity/trivy-action@v0.36.0
        with:
          scan-type: "fs"
          scan-ref: "."