chore: Update Trivy vulnerability scanner configuration to use action…

…s/checkout@v4 and include OS vulnerabilities
Nayrode · Jun 3, 2024 · a4c1658 · a4c1658
1 parent 2054594
commit a4c1658
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -7,6 +7,8 @@ jobs:
   lint-gradle-project:
     runs-on: ubuntu-latest
 
+    needs: check-cve
+
     steps:
     - name: Checkout project source
       uses: actions/checkout@v4
@@ -48,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/[email protected]
       with:
@@ -59,7 +61,7 @@ jobs:
         output: trivy.md
         exit-code: '1'
         ignore-unfixed: true
-        vuln-type: 'library'
+        vuln-type: 'os,library'
         severity: 'CRITICAL,HIGH'
     - run: cat trivy.md >> $GITHUB_STEP_SUMMARY
       if: always()