
     1  name: build
     2  on:
     3    push:
     4      branches:
     5        - master
     6    pull_request:
     7  jobs:
     8    build:
     9      name: Build
    10      runs-on: ubuntu-20.04
    11      steps:
    12        - name: Checkout code
    13          uses: actions/checkout@v2
    14  
    15        - name: Build an image from Dockerfile
    16          run: |
    17            docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
    18  
    19        - name: Run Trivy vulnerability scanner
    20          uses: aquasecurity/trivy-action@master
    21          with:
    22            image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
    23            exit-code: '1'
    24            ignore-unfixed: true
    25            vuln-type: 'os,library'
    26            format: 'template'
    27            template: '@/contrib/sarif.tpl'
    28            output: 'trivy-results.sarif'
    29            severity: 'CRITICAL,HIGH'
    30  
    31        - name: Upload Trivy scan results to GitHub Security tab
    32          uses: github/codeql-action/upload-sarif@v2
    33          with:
    34            sarif_file: 'trivy-results.sarif'