Skip to content
This repository was archived by the owner on Aug 22, 2025. It is now read-only.

Commit 9905a45

Browse files
ciroqueciroque
committed
SQUASH: fidgeting with Docker Image Build Action
1 parent cf9baf1 commit 9905a45

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

.github/workflows/build-and-sign-image.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,11 +53,13 @@ jobs:
5353
push: false
5454
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
5555

56+
# NOTE: This runs statically against the latest tag in Docker Hub which was not produced by this workflow
57+
# This should be updated once this workflow is fully implemented
5658
- name: Run Trivy vulnerability scanner
5759
uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee # 0.9.2
5860
continue-on-error: true
5961
with:
60-
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
62+
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
6163
format: 'sarif'
6264
output: 'trivy-results-${{ inputs.image }}.sarif'
6365
ignore-unfixed: 'true'

0 commit comments

Comments
 (0)