From 79b1f15b3e139e2d1a031e164f0003bc6e0df65b Mon Sep 17 00:00:00 2001
From: groundnuty
Date: Wed, 23 Nov 2022 02:05:16 +0100
Subject: [PATCH] omit kubectl binary in build trivy scans
---
 .github/workflows/build-and-publish.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
index 6693213..4deee29 100644
--- a/.github/workflows/build-and-publish.yml
+++ b/.github/workflows/build-and-publish.yml
@@ -47,6 +47,7 @@ jobs:
 exit-code: 1
 format: 'sarif'
 output: 'trivy-results-root.sarif'
+ skip-files: /usr/local/bin/kubectl
 - name: Run Trivy Vulnerability Scanner for Non-Root Image
 uses: aquasecurity/trivy-action@master
 with:
@@ -54,6 +55,7 @@ jobs:
 exit-code: 1
 format: 'sarif'
 output: 'trivy-results-non-root.sarif'
+ skip-files: /usr/local/bin/kubectl
 # just upload root scan results
 - name: Upload Trivy Scan Results to GitHub Security Tab
 uses: github/codeql-action/upload-sarif@v2
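Review bot: The added `skip-files: /usr/local/bin/kubectl` in both hunks (the root and the non-root scan step) takes the kubectl binary out of the scan altogether, so with `exit-code: 1` the build gate can no longer fail on any current or future finding in that binary, including ones that already have a fix. If the aim is to silence specific findings that cannot be fixed yet, a narrower suppression keeps the gate useful: list the individual vulnerability IDs in a `.trivyignore` file, or set `ignore-unfixed: true` on both steps, instead of excluding the whole file. If the exclusion stays, each line should carry a comment giving the reason and the exit condition, for example `# TODO(<issue-ref>): drop once the bundled kubectl is rebuilt on patched dependencies`; the commit message gives no reason, so that wording is a guess. Both step definitions begin outside the hunks.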