Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/rvesse/setup-trivy-debugging
A test repo for debugging issues with the setup-trivy action
https://github.com/rvesse/setup-trivy-debugging
Last synced: 10 days ago
JSON representation
A test repo for debugging issues with the setup-trivy action
- Host: GitHub
- URL: https://github.com/rvesse/setup-trivy-debugging
- Owner: rvesse
- License: apache-2.0
- Created: 2024-10-14T08:45:59.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-10-17T08:52:18.000Z (3 months ago)
- Last Synced: 2024-11-07T21:06:23.406Z (2 months ago)
- Size: 18.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Setup Trivy Action Debugging
A small repository to provide example GitHub workflows that demonstrate issues with using the
https://github.com/aquasecurity/setup-trivy action.
Essentially since they introduced the setup action it no longer avoids repeated work, so if you call
https://github.com/aquasecurity/trivy-action more than once in your workflow you get Trivy installed multiple times
which is wasted effort and could lead to hitting rate limiting errors.
There are several example workflows in this repository:
- [`setup-trivy-indirect.yml`](.github/workflows/setup-trivy-indirect.yml) which only calls the main `trivy-action`
but demonstrates that `setup-trivy` is getting called multiple times as a result
- [`setup-trivy-only-latest.yml`](.github/workflows/setup-trivy-only.yml) which calls `setup-trivy` directly and demonstrates
that if called multiple times `trivy` is installed multiple times.
- There are also variants with `-v0.1.0` and `-v0.2.0` suffixes that test those specific versions of the
`setup-trivy` action
- The `-fixed` suffix demonstrates a proposed fix found in my personal fork of the `setup-trivy` action