Fix Trivy: run directly via docker instead of action to avoid exit code issues

2026-03-26 21:35:58 +00:00 · 2026-03-11 19:49:03 +00:00 · 2026-03-11 19:49:03 +00:00 · 3ae2d2dee5
commit 3ae2d2dee5
parent 36a706b627
1 changed files with 7 additions and 6 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@ -61,12 +61,13 @@ jobs:
            version=${{ needs.resolve-version.outputs.version }}

      - name: Run Trivy vulnerability scan
-        uses: aquasecurity/trivy-action@0.30.0
-        with:
-          image-ref: "protonmail-bridge:test"
-          format: 'table'
-          exit-code: 0
-          severity: 'CRITICAL,HIGH'
+        continue-on-error: true
+        run: |
+          docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
+            aquasec/trivy:latest image \
+            --severity CRITICAL,HIGH \
+            --exit-code 0 \
+            protonmail-bridge:test

  build:
    runs-on: ubuntu-latest