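---
# Source: github.com/ishita82/trivy-gitaction@v0.0.0-20240206054925-e937cc05f8e3/workflow.yml
#
# Builds the repository's Docker image, scans it with Trivy, fails the job on
# fixable CRITICAL/HIGH findings, and publishes the SARIF report to the
# GitHub Security tab.
name: build
on:
  push:
    branches:
      - master
  pull_request:

# Least privilege for GITHUB_TOKEN: without this block the token gets the
# repository/organisation default, which may be read-write on every scope.
permissions:
  contents: read          # checkout
  security-events: write  # upload-sarif writes code-scanning results
  actions: read           # needed by upload-sarif only in private repositories

jobs:
  build:
    name: Build
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      # github.sha is a hex commit id, so interpolating it into the shell
      # line is safe; do not copy this pattern for free-text context values
      # (branch names, PR titles) without passing them through `env:`.
      - name: Build an image from Dockerfile
        run: |
          docker build -t docker.io/my-organization/my-app:${{ github.sha }} .

      # NOTE(review): `@master` is a mutable ref, so whatever lands on that
      # branch runs in this job with the token above. Pin to a reviewed
      # release tag or, preferably, a full commit SHA.
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
          # Non-zero exit fails the job when matching findings exist.
          exit-code: '1'
          # Findings with no available fix are not reported at all; track
          # them separately if they matter to your risk model.
          ignore-unfixed: true
          vuln-type: 'os,library'
          # NOTE(review): Trivy also has a built-in `sarif` output format;
          # confirm this template path exists in the action version you pin.
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

      # `if: always()` is required: the scan step exits 1 exactly when there
      # are findings, and without it this step would be skipped and the
      # report would never reach the Security tab in the case that matters.
      # On pull requests from forks the token is read-only, so the upload
      # may be rejected there.
      - name: Upload Trivy scan results to GitHub Security tab
        if: always()
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'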