From 82a7bb9ce05269f459f27a0bcb5e7bf9252b7edf Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 18 Jan 2023 22:42:48 +0000
Subject: [PATCH] another scan tweak

---
 Jenkinsfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 96cac47..3ec5f8a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -123,8 +123,11 @@ pipeline {
                          // Scan again and fail on CRITICAL vulns
                          //below can be temporarily commented to prevent build from failing
                          echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
-                         sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
-                         sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
+                         // 2 scans below are temp (os scan only, no lib scan), while timeout issues are worked
+                         // sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
+                         // sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
+                         sh "trivy image --ignore-unfixed --vuln-type os --exit-code 1 --severity CRITICAL ${imagename}_${tag}"
+                         sh "trivy image --ignore-unfixed --vuln-type os --exit-code 1 --severity CRITICAL ${imagename}_${tag}:arm64"
                          //echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
                    } catch(error) {
                            def error_details = readFile('./debug');