@@ -168,7 +168,10 @@ jobs:
168168 echo "****************"
169169 echo "uses_go=false" >> "$GITHUB_OUTPUT"
170170 fi
171-
171+ cat <<EOF > trivy.yaml
172+ pkg:
173+ include-dev-deps: true
174+ EOF
172175 - name : Check python licenses
173176 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
174177 if : ${{ steps.check_languages.outputs.uses_poetry == 'true' }}
@@ -181,6 +184,7 @@ jobs:
181184 output : " license_scan_python.json"
182185 exit-code : " 1"
183186 list-all-pkgs : " true"
187+ trivy-config : trivy.yaml
184188 - name : Check node licenses
185189 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
186190 if : ${{ steps.check_languages.outputs.uses_node == 'true' }}
@@ -193,6 +197,7 @@ jobs:
193197 output : " license_scan_node.json"
194198 exit-code : " 1"
195199 list-all-pkgs : " true"
200+ trivy-config : trivy.yaml
196201 - name : Check go licenses
197202 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
198203 if : ${{ steps.check_languages.outputs.uses_go == 'true' }}
@@ -205,6 +210,7 @@ jobs:
205210 output : " license_scan_go.json"
206211 exit-code : " 1"
207212 list-all-pkgs : " true"
213+ trivy-config : trivy.yaml
208214 - name : Check java licenses
209215 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
210216 if : ${{ steps.check_languages.outputs.uses_java == 'true' }}
@@ -217,6 +223,7 @@ jobs:
217223 output : " license_scan_java.json"
218224 exit-code : " 1"
219225 list-all-pkgs : " true"
226+ trivy-config : trivy.yaml
220227 - name : Show license scan output
221228 if : always()
222229 run : |
@@ -262,6 +269,7 @@ jobs:
262269 format : " table"
263270 output : " dependency_results_python.txt"
264271 exit-code : " 1"
272+ trivy-config : trivy.yaml
265273 - name : Generate and check node SBOMs
266274 if : ${{ steps.check_languages.outputs.uses_node == 'true' }}
267275 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
@@ -273,6 +281,7 @@ jobs:
273281 format : " table"
274282 output : " dependency_results_node.txt"
275283 exit-code : " 1"
284+ trivy-config : trivy.yaml
276285 - name : Generate and check java SBOMs
277286 if : ${{ steps.check_languages.outputs.uses_java == 'true' }}
278287 uses : aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8
@@ -295,6 +304,7 @@ jobs:
295304 format : " table"
296305 output : " dependency_results_go.txt"
297306 exit-code : " 1"
307+ trivy-config : trivy.yaml
298308 - name : Show scan output
299309 if : always()
300310 run : |
0 commit comments