lines changed Original file line number Diff line number Diff line change @@ -464,7 +464,6 @@ jobs:
464464 - name : Checkout code
465465 uses : actions/checkout@v3
466466 - name : Run Trivy vulnerability scanner in repo mode
467- # Commit SHA for v0.0.17
468467 uses : aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
469468 with :
470469 scan-type : " fs"
Original file line number Diff line number Diff line change 1+ name : Trivy Nightly Docker Scan
2+
3+ on :
4+ # Run scans if the workflow is modified, in order to test the
5+ # workflow itself. This results in some spurious notifications,
6+ # but seems okay for testing.
7+ pull_request :
8+ branches :
9+ - main
10+ paths :
11+ - .github/workflows/trivy-docker.yaml
12+
13+ # Run scans against master whenever changes are merged.
14+ push :
15+ branches :
16+ - main
17+ paths :
18+ - .github/workflows/trivy-docker.yaml
19+
20+ schedule :
21+ # Run at 10:15 am UTC (3:15am PT/5:15am CT)
22+ # Run at 0 minutes 0 hours of every day.
23+ - cron : " 15 10 * * *"
24+
25+ workflow_dispatch :
26+
27+ permissions :
28+ actions : none
29+ checks : none
30+ contents : read
31+ deployments : none
32+ issues : none
33+ packages : none
34+ pull-requests : none
35+ repository-projects : none
36+ security-events : none
37+ statuses : none
38+
39+ # Cancel in-progress runs for pull requests when developers push
40+ # additional changes, and serialize builds in branches.
41+ # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
42+ concurrency :
43+ group : ${{ github.workflow }}-${{ github.ref }}
44+
45+ jobs :
46+ trivy-scan-image :
47+ runs-on : ubuntu-20.04
48+
49+ steps :
50+ - name : Checkout code
51+ uses : actions/checkout@v3
52+
53+ - name : Run Trivy vulnerability scanner in image mode
54+ uses : aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
55+ with :
56+ image-ref : " docker.io/codercom/code-server:latest"
57+ ignore-unfixed : true
58+ format : " sarif"
59+ output : " trivy-image-results.sarif"
60+ severity : " HIGH,CRITICAL"
61+
62+ - name : Upload Trivy scan results to GitHub Security tab
63+ uses : github/codeql-action/upload-sarif@v1
64+ with :
65+ sarif_file : " trivy-image-results.sarif"
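Review bot: The `permissions` block in the new workflow sets `security-events: none`, yet the last step uploads SARIF to the Security tab with `github/codeql-action/upload-sarif`, which requires `security-events: write`; as written the upload step will be rejected and the scan results never reach code scanning, so that line should read `security-events: write`. The comment above `concurrency` promises cancellation of in-progress runs, but only `group` is set; add `cancel-in-progress: true` if that is the intent. The second cron comment, `# Run at 0 minutes 0 hours of every day.`, contradicts the `15 10 * * *` schedule on the line below it and should be removed. Pinning is inconsistent: `trivy-action` is pinned to a commit SHA (without the version comment that the other workflow in this commit also drops), while `actions/checkout@v3` and `upload-sarif@v1` float on mutable major tags; pinning all three to a SHA with a `# vX.Y.Z` comment gives uniform supply-chain protection and keeps each SHA auditable.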