Added vuln scan step for testing PRs (#12)

* Added vuln scan step for testing PRs * Changed vuln scan to use default args * Changed MacOS version in test pipeline * Moved vulnerability scan to separate jobs
IABTechLab · Apr 29, 2024 · 2e144a1 · 2e144a1
1 parent fe84d03
commit 2e144a1
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/.github/workflows/test-pull-request.yml b/.github/workflows/test-pull-request.yml
@@ -8,10 +8,9 @@ on:
   workflow_dispatch:
 
 jobs:
-
   swift-code-checks:
     name: Code Tests
-    runs-on: macos-latest
+    runs-on: macos-12
 
     steps:
       - uses: actions/checkout@v3
@@ -23,4 +22,13 @@ jobs:
         run: xcodebuild -scheme UID2GMAPlugin -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
 
       - name: Run unit tests
-        run: xcodebuild test -scheme UID2GMAPluginTests -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
+        run: xcodebuild test -scheme UID2GMAPluginTests -sdk iphonesimulator16.2 -destination "OS=16.2,name=iPhone 14"
+
+  vulnerability-scan:
+    name: Vulnerability Scan
+    runs-on: ubuntu-latest
+    needs: [swift-code-checks]
+
+    steps:
+      - name: Vulnerability Scan
+        uses: IABTechLab/uid2-shared-actions/actions/vulnerability_scan_filesystem@v2
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,5 @@
+# List any vulnerability that are to be accepted
+# See https://aquasecurity.github.io/trivy/v0.35/docs/vulnerability/examples/filter/ 
+# for more details
+# e.g. 
+# CVE-2022-3996