Fix: Install git for Gitleaks and use direct Trivy binary download
Some checks failed
CI / lint-and-test (push) Successful in 55s
CI / secret-scanning (push) Has been cancelled
CI / dependency-scan (push) Has been cancelled
CI / sast-scan (push) Has been cancelled
CI / license-check (push) Has been cancelled
CI / vault-check (push) Has been cancelled
CI / playbook-test (push) Has been cancelled
CI / container-scan (push) Has been cancelled
CI / ansible-validation (push) Has been cancelled
Some checks failed
CI / lint-and-test (push) Successful in 55s
CI / secret-scanning (push) Has been cancelled
CI / dependency-scan (push) Has been cancelled
CI / sast-scan (push) Has been cancelled
CI / license-check (push) Has been cancelled
CI / vault-check (push) Has been cancelled
CI / playbook-test (push) Has been cancelled
CI / container-scan (push) Has been cancelled
CI / ansible-validation (push) Has been cancelled
This commit is contained in:
ilia
parent
a9ed19c9d2
commit
6d14cf9253
@ -72,9 +72,9 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Install Gitleaks
|
||||
- name: Install git and Gitleaks
|
||||
run: |
|
||||
apt-get update && apt-get install -y wget curl
|
||||
apt-get update && apt-get install -y wget curl git
|
||||
GITLEAKS_VERSION=$(curl -s https://api.github.com/repos/gitleaks/gitleaks/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
|
||||
wget -q "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" -O /tmp/gitleaks.tar.gz
|
||||
tar -xzf /tmp/gitleaks.tar.gz -C /usr/local/bin/ gitleaks
|
||||
@ -102,10 +102,11 @@ jobs:
|
||||
- name: Install Trivy
|
||||
run: |
|
||||
apt-get update && apt-get install -y wget curl
|
||||
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
|
||||
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
|
||||
apt-get update && apt-get install -y trivy || \
|
||||
(wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
|
||||
# Use direct binary download (more reliable than apt repo)
|
||||
wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
|
||||
chmod +x /usr/local/bin/trivy
|
||||
trivy --version
|
||||
trivy --version
|
||||
|
||||
- name: Scan npm dependencies
|
||||
run: |
|
||||
@ -281,10 +282,11 @@ jobs:
|
||||
- name: Install Trivy
|
||||
run: |
|
||||
apt-get update && apt-get install -y wget curl
|
||||
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - || true
|
||||
echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list
|
||||
apt-get update && apt-get install -y trivy || \
|
||||
(wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64 && chmod +x /usr/local/bin/trivy)
|
||||
# Use direct binary download (more reliable than apt repo)
|
||||
wget -qO /usr/local/bin/trivy https://github.com/aquasecurity/trivy/releases/latest/download/trivy_linux_amd64
|
||||
chmod +x /usr/local/bin/trivy
|
||||
trivy --version
|
||||
trivy --version
|
||||
|
||||
- name: Scan for Dockerfiles and container configs
|
||||
run: |
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user