Joshua David Akers · 86cd5751
--- a/building-blocks/trivy-scan.yml

+ 3

− 3
+++ b/building-blocks/trivy-scan.yml

+ 3

− 3
 @@ -19,9 +19,9 @@
        cat ${TRIVY_IGNORE_FILE}
      fi
      if [ -n "${TRIVY_SEVERITY}" ]; then
-        export TRIVY_SEVERITY="--severity ${TRIVY_SEVERITY}"
+        export TRIVY_SEVERITY="${TRIVY_SEVERITY}"
      else
-        export TRIVY_SEVERITY="--severity CRITICAL"
+        export TRIVY_SEVERITY="CRITICAL"
      fi
      echo "Scanning $FULL_IMAGE_NAME"
      trivy --version
 @@ -35,7 +35,7 @@
      # Prints full report
      time trivy image --exit-code 0 --cache-dir .trivycache/ --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
      # Fail on critical vulnerabilities
-      time trivy image --exit-code 1 --cache-dir .trivycache/ $TRIVY_SEVERITY --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
+      time trivy image --exit-code 1 --cache-dir .trivycache/ --no-progress --timeout 15m $TRIVY_IGNORE "$FULL_IMAGE_NAME"
  cache:
    paths:
      - .trivycache/