robot: Fixup trivy scans (#1093)

* 🐧 Delete any files dangling in /tmp Signed-off-by: mudler <mudler@c3os.io> * 🤖 Skip /tmp scan in trivy Signed-off-by: mudler <mudler@c3os.io> --------- Signed-off-by: mudler <mudler@c3os.io>
2025-08-11 13:11:56 +00:00 · 2023-03-10 14:28:14 +01:00 · 2023-03-10 14:28:14 +01:00 · 199f7fff43
commit 199f7fff43
parent 2b87d05def
1 changed files with 5 additions and 3 deletions
--- a/8
+++ b/8
@ -414,6 +414,8 @@ docker:
        END
    END
    RUN rm -rf /tmp/*
    SAVE IMAGE $IMAGE
 docker-rootfs:
@ -537,9 +539,9 @@ trivy-scan:
    ARG FLAVOR
    ARG VARIANT
    WORKDIR /build
-    RUN /trivy filesystem --format sarif -o report.sarif --no-progress /
+    RUN /trivy filesystem --skip-dirs /tmp --format sarif -o report.sarif --no-progress /
-    RUN /trivy filesystem --format template --template "@/contrib/html.tpl" -o report.html --no-progress /
+    RUN /trivy filesystem --skip-dirs /tmp --format template --template "@/contrib/html.tpl" -o report.html --no-progress /
-    RUN /trivy filesystem -f json -o results.json --no-progress /
+    RUN /trivy filesystem --skip-dirs /tmp -f json -o results.json --no-progress /
    SAVE ARTIFACT /build/report.sarif report.sartif AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.sarif
    SAVE ARTIFACT /build/report.html report.html AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.html
    SAVE ARTIFACT /build/results.json results.json AS LOCAL build/${VARIANT}-${FLAVOR}-${VERSION}-trivy.json