Update/openmetadata trivy scan (#21382)

* updated the workflow * updated * updated * updated * updated * updated * fix the openmetadata server trivy scan to detail out the report on Github Step Summary * fix the openmetadata server trivy scan to detail out the report on Github Step Summary * fix the openmetadata server trivy scan to detail out the report on Github Step Summary
2025-10-03 21:03:48 +00:00 · 2025-05-23 18:43:34 +05:30 · 2025-05-23 18:43:34 +05:30 · 98795e312d
commit 98795e312d
parent 1ee36d41c6
1 changed files with 30 additions and 14 deletions
--- a/.github/workflows/trivy-scan-openmetadata-server.yml
+++ b/.github/workflows/trivy-scan-openmetadata-server.yml
@ -1,17 +1,21 @@
 name: Trivy Scan For OpenMetadata Server Docker Image
+
 on:
  schedule:
    - cron: '15 4 * * *'
  workflow_dispatch:
+
 concurrency: 
  group: trivy-server-scan-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
+
 jobs:
  build-and-scan:
    runs-on: ubuntu-latest
    if: ${{ !github.event.pull_request.draft }}
    permissions:
      pull-requests: write
+
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4
@ -29,19 +33,31 @@ jobs:
      - name: Build Docker Image
        run: |
          docker build -t openmetadata-server:trivy -f docker/development/Dockerfile .
-
      - name: Run Trivy Image Scan
-        id: trivy_scan
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: "image"
          image-ref: openmetadata-server:trivy
-            hide-progress: false
+          hide-progress: true
          ignore-unfixed: true
          severity: "HIGH,CRITICAL,MEDIUM"
-            scan-ref: .
-            format: 'template'
-            template: "@.github/trivy/templates/github.tpl"
-            output: $GITHUB_STEP_SUMMARY
+          format: "table"
+          output: trivy.txt
        env:
          TRIVY_DISABLE_VEX_NOTICE: "true"
+
+      - name: Publish Trivy Output to Summary
+        run: |
+          if [[ -s trivy.txt ]]; then
+            {
+              echo "###  Trivy Security Scan Results"
+              echo "<details><summary>Click to expand</summary>"
+              echo ""
+              echo '```text'
+              cat trivy.txt
+              echo '```'
+              echo "</details>"
+            } >> $GITHUB_STEP_SUMMARY
+          else
+            echo "No vulnerabilities found." >> $GITHUB_STEP_SUMMARY
+          fi