
fix: make Security Analysis workflow resilient to MCR pull failures #27

Merged
idvoretskyi merged 1 commit into main from copilot/fix-trivy-runs
Apr 27, 2026

Copilot AI commented Apr 27, 2026

The Security Analysis workflow was failing entirely when mcr.microsoft.com returned 403 Forbidden pulling the devcontainer base image — no SARIF files were produced, causing Trivy and CodeQL upload steps to error out.

Changes

  • Docker build step: added id: build + continue-on-error: true so a transient MCR outage no longer fails the job
  • Image-dependent steps (image Trivy scan, SARIF upload, SBOM generation, SBOM artifact upload): gated with if: steps.build.outcome == 'success' so they skip cleanly rather than crash when the image isn't available
  • Filesystem scan: unconditional — always runs and always uploads results regardless of build outcome
  • Severity: both Trivy scans already scoped to CRITICAL,HIGH; no change needed

@idvoretskyi idvoretskyi marked this pull request as ready for review April 27, 2026 12:58
@idvoretskyi idvoretskyi merged commit 2ab3c54 into main Apr 27, 2026
7 checks passed
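
A minimal workflow with the shape the description above lays out, as an added illustration and not the workflow file changed in this PR. Job and step names, action versions, the Dockerfile path, the image tag and the SARIF file names are assumptions; the SBOM steps are left out and would take the same `if:` guard as the image scan.

```yaml
# Added illustration, not the workflow file from this PR. Assumed: step names,
# action versions, Dockerfile path, image tag and SARIF file names.
name: Security Analysis
on: [push, pull_request]
permissions:
  contents: read
  security-events: write   # needed by upload-sarif
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # A failed base-image pull fails this step, not the job.
      - name: Build devcontainer image
        id: build
        continue-on-error: true
        run: docker build -t devcontainer:ci -f .devcontainer/Dockerfile .devcontainer
      # Guard on `outcome`, not `conclusion`: with continue-on-error the step's
      # conclusion is reported as 'success' even when the build itself failed.
      - name: Trivy image scan
        if: steps.build.outcome == 'success'
        uses: aquasecurity/trivy-action@0.28.0
        with:
          image-ref: devcontainer:ci
          format: sarif
          output: trivy-image.sarif
          severity: CRITICAL,HIGH
      - name: Upload image SARIF
        if: steps.build.outcome == 'success'
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-image.sarif
          category: trivy-image
      # No guard: the filesystem scan runs and uploads whatever the build did.
      - name: Trivy filesystem scan
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: fs
          scan-ref: .
          format: sarif
          output: trivy-fs.sarif
          severity: CRITICAL,HIGH
      - name: Upload filesystem SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: trivy-fs.sarif
          category: trivy-fs
```

A run where the build step was skipped over still ends green, so the image was not scanned in that run; the absence of a `trivy-image` result in code scanning is the signal to look for.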