add permission to policy #2803

Workflow file for this run

.github/workflows/license_scan.yml at 4f50402

	name: Trivy License Scan

	on:
	push:

	jobs:
	license_scan1:
	name: License scan (rootfs)
	runs-on: ubuntu-latest
	timeout-minutes: 30
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Run license scanner
	uses: aquasecurity/[email protected]
	env:
	#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	with:
	scan-type: "rootfs"
	scan-ref: "."
	scanners: "license"
	severity: "CRITICAL,HIGH"
	exit-code: 1
	github-pat: ${{ secrets.GITHUB_TOKEN }}
	license_scan2:
	name: License scan (repo)
	runs-on: ubuntu-latest
	timeout-minutes: 30
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	- name: npm install (typescript-client)
	run: cd extensions/wrapper/clients/typescript-client && npm clean-install
	- name: npm install (typescript-client-example)
	run: cd extensions/wrapper/clients/typescript-client-example && npm clean-install
	- name: Run license scanner
	uses: aquasecurity/[email protected]
	env:
	#try default GitHub DBs, if failing, use AWS mirror instead (https://github.com/aquasecurity/trivy-action/issues/389)
	TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
	TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
	with:
	scan-type: "repo"
	scan-ref: "."
	scanners: "license"
	severity: "CRITICAL,HIGH"
	exit-code: 1
	github-pat: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add permission to policy #2803

Workflow file

add permission to policy #2803

Jobs

Run details

Workflow file for this run