Merge pull request #741 from dsmf/chore/trivy-fix

chore(trivy):[#xxx] trivy fix mentioned in the Community Office Hour

.github/workflows/trivy-image-scan.yml

@@ -58,9 +58,11 @@ jobs:
  image-ref: "localhost:5000/irs-api:testing"
  format: "sarif"
  output: "trivy-results2.sarif"
- exit-code: "1"
+ exit-code: "1" # Trivy exits with code 1 if vulnerabilities are found, causing the workflow step to fail.
  severity: "CRITICAL,HIGH"
  trivyignores: .config/.trivyignore
+ limit-severities-for-sarif: true
+
 
  - name: Upload Trivy scan results to GitHub Security tab
  if: always()

CHANGELOG.md

@@ -12,6 +12,7 @@ _**For better traceability add the corresponding GitHub issue number in each cha
 
 - Fixed ESS Investigation job processing not starting #579
 - Policy store API returns 'rightOperand' without 'odrl:' prefix now (see traceability-foss/issues/970).
+- Fixed trivy workflow to fail only on CRITICAL, HIGH (according to https://github.com/eclipse-tractusx/eclipse-tractusx.github.io/pull/949/files).
 
 ### Changed