lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+
6+ name : trivy
7+
8+ on :
9+ push :
10+ branches : [ "main" ]
11+ pull_request :
12+ # The branches below must be a subset of the branches above
13+ branches : [ "main" ]
14+ schedule :
15+ - cron : ' 25 0 * * 0'
16+
17+ permissions :
18+ contents : read
19+
20+ jobs :
21+ build :
22+ permissions :
23+ contents : read # for actions/checkout to fetch code
24+ security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
25+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
26+ name : Build
27+ runs-on : ubuntu-latest
28+ steps :
29+ - name : Checkout code
30+ uses : actions/checkout@v4
31+
32+ - name : Build an image from Dockerfile
33+ run : |
34+ docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
35+
36+ - name : Run Trivy vulnerability scanner
37+ uses : aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
38+ with :
39+ image-ref : ' docker.io/my-organization/my-app:${{ github.sha }}'
40+ format : ' template'
41+ template : ' @/contrib/sarif.tpl'
42+ output : ' trivy-results.sarif'
43+ severity : ' CRITICAL,HIGH'
44+
45+ - name : Upload Trivy scan results to GitHub Security tab
46+ uses : github/codeql-action/upload-sarif@v3
47+ with :
48+ sarif_file : ' trivy-results.sarif'
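Review bot: The action pinning is inconsistent within the new workflow: `aquasecurity/trivy-action` is pinned to a full commit SHA (line 37 of the file), but `actions/checkout@v4` (line 30) and `github/codeql-action/upload-sarif@v3` (line 46) reference mutable tags, so a moved tag would change what this job runs; pin them the same way, e.g. `uses: actions/checkout@<full-commit-sha>  # v4` and `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v3`. The image name `docker.io/my-organization/my-app` (lines 34 and 39) appears to be the starter-template placeholder and should be replaced with this repository's real image name, or a short comment added saying it is intentionally local-only, since the image is never pushed. As written the scan only reports: findings at `CRITICAL,HIGH` are uploaded to the Security tab but the job still succeeds because no `exit-code` input is set — fine if that is the intent, but worth a one-line comment above the Trivy step so nobody assumes the build gates on results.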