diff --git a/.github/workflows/kubernetes.yaml b/.github/workflows/kubernetes.yaml index 67560e5..78cb103 100644 --- a/.github/workflows/kubernetes.yaml +++ b/.github/workflows/kubernetes.yaml @@ -129,6 +129,7 @@ env: IMAGE_SCAN_SEVERITY: LOW IMAGE_SCAN_SEVERITY_THRESHOLD: CRITICAL IMAGE_SCAN_ANNOTATIONS: true + IMAGE_SCAN_TRIVY_TIMEOUT: 10m jobs: initialize: @@ -232,6 +233,8 @@ jobs: severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} + env: + TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push image to GitHub run: | docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }} @@ -303,6 +306,8 @@ jobs: severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} + env: + TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push image to ECR if: inputs.repository_kind == 'ecr' run: | @@ -368,6 +373,8 @@ jobs: severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} + env: + TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push ${{ matrix.containerfile_targets }} image to ECR run: | docker push -a ${{ inputs.registryHostname }}/${{ inputs.registryOrg }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }} @@ -441,6 +448,8 @@ jobs: severity: ${{ env.IMAGE_SCAN_SEVERITY }} severity_threshold: ${{ env.IMAGE_SCAN_SEVERITY_THRESHOLD }} annotations: ${{ env.IMAGE_SCAN_ANNOTATIONS }} + env: + TRIVY_TIMEOUT: ${{ env.IMAGE_SCAN_TRIVY_TIMEOUT }} - name: Push ${{ matrix.containerfile_targets }} image to ECR run: | docker push -a ${{ steps.login-ecr.outputs.registry }}/${{ github.event.deployment.payload.name }}-${{ matrix.containerfile_targets }}