Fix vulnerability scanner not working in the GitHub actions CI and make it less strict#772
Merged
jormundur00 merged 3 commits intomasterfrom Nov 14, 2025
Merged
Conversation
…n equal amount of vulnerabilities to the old version
… we don't crash in the CI
jormundur00
added
bug
jormundur00
force-pushed
the
jormundur00/vulnerability-scanner-fix
branch
from
7635d65 to
3e95f70
Compare
vjovanov
reviewed
Nov 14, 2025
tests/tck-build-logic/src/main/java/org/graalvm/internal/tck/GrypeTask.java
Outdated
Show resolved
Hide resolved
vjovanov
approved these changes
Nov 14, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
In this PR, we make the vulnerability scanner less strict by accepting newer versions of docker images if they have less or equal vulnerabilities to the current version (while currently we only accept if they have strictly less vulnerabilities).
Also in this PR, we fix
org.graalvm.internal.tck.GrypeTask#getAllowedImagesFromMasternot working in the GitHub actions CI. Previously, whenever this method is reached in the CI, the task would fail with:fatal: invalid object name 'master'.. This happens because themasterbranch does not exist in the CI, whileorigin/masterdoes. The change in this PR just made it so we check theorigin/masterwhen we fetch allowed images.Fixes: #770