File tree 2 files changed +42
-1
lines changed
2 files changed +42
-1
lines changed Original file line number Diff line number Diff line change @@ -464,7 +464,6 @@ jobs:
464464 - name : Checkout code
465465 uses : actions/checkout@v3
466466 - name : Run Trivy vulnerability scanner in repo mode
467- # Commit SHA for v0.0.17
468467 uses : aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
469468 with :
470469 scan-type : " fs"
Original file line number Diff line number Diff line change 1+ name : Trivy Nightly Docker Scan
2+
3+ on :
4+ # TODO@jsjoeio do some nightly check
5+
6+ permissions :
7+ actions : none
8+ checks : none
9+ contents : read
10+ deployments : none
11+ issues : none
12+ packages : none
13+ pull-requests : none
14+ repository-projects : none
15+ security-events : none
16+ statuses : none
17+
18+ # Cancel in-progress runs for pull requests when developers push
19+ # additional changes, and serialize builds in branches.
20+ # https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
21+ concurrency :
22+ group : ${{ github.workflow }}-${{ github.ref }}
23+
24+ jobs :
25+ trivy-scan-image :
26+ runs-on : ubuntu-20.04
27+ needs : docker-amd64
28+
29+ steps :
30+ - name : Run Trivy vulnerability scanner in image mode
31+ uses : aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
32+ with :
33+ image-ref : ' docker.io/codercom/code-server:latest
34+ ignore-unfixed: true
35+ format: ' sarif'
36+ output : " trivy-image-results.sarif"
37+ severity : " HIGH,CRITICAL"
38+
39+ - name : Upload Trivy scan results to GitHub Security tab
40+ uses : github/codeql-action/upload-sarif@v1
41+ with :
42+ sarif_file : " trivy-image-results.sarif"
You can’t perform that action at this time.
0 commit comments