trivy-for-services

AydarN · AydarN · commit 77500a130dc2 · 2023-07-03T09:31:35.000+03:00
diff --git a/.github/workflows/maven-library-build.yml b/.github/workflows/maven-library-build.yml
@@ -43,13 +43,7 @@ jobs:
           mvn \
             --no-transfer-progress \
             --batch-mode ${{ inputs.mvn-options }} \
-            clean compile site
-
-      - name: Upload SBOM
-        uses: actions/upload-artifact@v3
-        with:
-          name: bom.json
-          path: 'target/bom.json'
+            clean compile ${{ inputs.mvn-args }}
 
   test-coverage:
     runs-on: ubuntu-20.04
@@ -74,18 +68,3 @@ jobs:
       - name: Upload code coverage
         uses: codecov/codecov-action@v3
 
-  scan:
-    name: Scan with Trivy
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Trivy CLI
-        run: |
-          wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
-          sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
-      - uses: actions/download-artifact@v3
-        with:
-          name: bom.json
-      - name: Run Trivy with SBOM
-        run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
diff --git a/.github/workflows/maven-swag-build.yml b/.github/workflows/maven-swag-build.yml
@@ -48,23 +48,8 @@ jobs:
         run: npm run validate
 
       - name: Build server jar
-        run: mvn --batch-mode site clean package -f pom.xml -P="server"
+        run: mvn --batch-mode clean package -f pom.xml -P="server"
 
       - name: Build client jar
-        run: mvn --batch-mode site clean package -f pom.xml -P="client"
+        run: mvn --batch-mode clean package -f pom.xml -P="client"
 
-  scan:
-    name: Scan with Trivy
-    needs: bundle
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Trivy CLI
-        run: |
-          wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
-          sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
-      - uses: actions/download-artifact@v3
-        with:
-          name: bom.json
-      - name: Run Trivy with SBOM
-        run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
diff --git a/.github/workflows/maven-thrift-build.yml b/.github/workflows/maven-thrift-build.yml
@@ -36,26 +36,5 @@ jobs:
           echo "::set-output name=SHA_7::${GITHUB_SHA::7}"
         id: commit_info
       - name: Build package
-        run: mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" site clean compile -f pom.xml
+        run: mvn --batch-mode -Dcommit.number=${{ steps.commit_info.outputs.COMMIT_NUMBER }} -Drevision="1.${{ steps.commit_info.outputs.COMMIT_NUMBER }}-${{ steps.commit_info.outputs.SHA_7 }}" clean compile -f pom.xml
 
-      - name: Upload SBOM
-        uses: actions/upload-artifact@v3
-        with:
-          name: bom.json
-          path: 'target/bom.json'
-
-  scan:
-    name: Scan with Trivy
-    needs: build
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install Trivy CLI
-        run: |
-          wget https://github.com/aquasecurity/trivy/releases/download/v0.39.1/trivy_0.39.1_Linux-64bit.deb
-          sudo dpkg -i trivy_0.39.1_Linux-64bit.deb
-      - uses: actions/download-artifact@v3
-        with:
-          name: bom.json
-      - name: Run Trivy with SBOM
-        run: trivy sbom --exit-code 1 --severity CRITICAL,HIGH ./bom.json
