ci: increase trivy fs scan timeout to 30m
PR Checks / test-and-build (pull_request) Failing after 30m17s
PR Checks / test-and-build (pull_request) Failing after 30m17s
Slow ARM64 runners hit the default timeout while downloading the Trivy checks bundle and analyzing workflow YAML files. Extend the timeout so PR checks can complete reliably.
This commit is contained in:
@@ -65,7 +65,7 @@ jobs:
|
|||||||
- name: Trivy filesystem security scan
|
- name: Trivy filesystem security scan
|
||||||
run: |
|
run: |
|
||||||
set +e
|
set +e
|
||||||
trivy fs --scanners vuln,misconfig,secret --exit-code 1 --severity HIGH,CRITICAL . 2>&1 | tee trivy-scan.log
|
trivy fs --timeout 30m --scanners vuln,misconfig,secret --exit-code 1 --severity HIGH,CRITICAL . 2>&1 | tee trivy-scan.log
|
||||||
trivy_exit="${PIPESTATUS[0]}"
|
trivy_exit="${PIPESTATUS[0]}"
|
||||||
if ! grep -Eq "Number of language-specific files[[:space:]]+num=[1-9][0-9]*" trivy-scan.log; then
|
if ! grep -Eq "Number of language-specific files[[:space:]]+num=[1-9][0-9]*" trivy-scan.log; then
|
||||||
echo "::error::Trivy did not detect any language-specific dependency files."
|
echo "::error::Trivy did not detect any language-specific dependency files."
|
||||||
|
|||||||
Reference in New Issue
Block a user