From 5823b8b0a7e29145dd99b1bf2cd6fc6d7d190434 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Mon, 14 Feb 2022 12:52:49 +0100
Subject: [PATCH] feat: make trivy scan cause build to fail configurable

---
 vars/buildPodman.groovy | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vars/buildPodman.groovy b/vars/buildPodman.groovy
index 96a9c23c..82bc2c7a 100644
--- a/vars/buildPodman.groovy
+++ b/vars/buildPodman.groovy
@@ -49,7 +49,7 @@ def call(Map config) {
             ]
 
             // Scan again and fail on CRITICAL vulns
-            sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
+            sh '[ "${config.trivyFail}" == "NONE" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan'
           }
         }