USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: update Trivy scan config (#7934)

pull/7929/head
Joe Chen 2025-03-04 23:07:09 -05:00 committed by GitHub
parent 46a84fdad5
commit 2208f17e8e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/docker.yml vendored
View File

@ -5,6 +5,7 @@ on:
- main - main
pull_request: pull_request:
paths: paths:
- '.trivy.yaml'
- 'Dockerfile' - 'Dockerfile'
- 'docker/**' - 'docker/**'
- '.github/workflows/docker.yml' - '.github/workflows/docker.yml'

4
trivy.yaml
View File

@ -1,7 +1,7 @@
scan: scan:
skip-files: skip-files:
# CVE patching of the following things is far behind and out of our control. - "usr/sbin/gosu" # CVE patching is far behind and out of our control.
- "usr/sbin/gosu" - "app/gogs/gogs" # False positives on main builds
severity: severity:
- CRITICAL - CRITICAL