Mirrors
/
hf_text-generation-inference
mirror of https://github.com/huggingface/text-generation-inference.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat(ci): faster scanning (#180)

This commit is contained in:
OlivierDehaene 2023-04-13 16:23:47 +02:00 committed by GitHub
parent 13f1cd024b
commit c1e2ea3b78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/build.yaml vendored
View File

@ -28,7 +28,7 @@ jobs:
build-and-push-image: build-and-push-image:
runs-on: large runs-on: large
permissions: permissions:
contents: read contents: write
packages: write packages: write
# This is used to complete the identity challenge # This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs. # with sigstore/fulcio when running outside of PRs.
@ -116,6 +116,7 @@ jobs:
format: 'github' format: 'github'
output: 'dependency-results.sbom.json' output: 'dependency-results.sbom.json'
github-pat: ${{ secrets.GITHUB_TOKEN }} github-pat: ${{ secrets.GITHUB_TOKEN }}
scanners: 'vuln'
- name: Run Trivy vulnerability scanner - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master uses: aquasecurity/trivy-action@master
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}
@ -124,6 +125,7 @@ jobs:
format: 'sarif' format: 'sarif'
output: 'trivy-results.sarif' output: 'trivy-results.sarif'
severity: 'CRITICAL' severity: 'CRITICAL'
scanners: 'vuln'
- name: Upload Trivy scan results to GitHub Security tab - name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2 uses: github/codeql-action/upload-sarif@v2
if: ${{ github.event_name != 'pull_request' }} if: ${{ github.event_name != 'pull_request' }}