github.com/oam-dev/kubevela@v1.9.11/.github/workflows/trivy-scan.yml (about)

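     # Builds the vela-core image from the pull request's Dockerfile, scans it
     # with Trivy, and uploads the SARIF report to GitHub code scanning.
     name: "Trivy Scan"

     on:
       pull_request:
         branches: [ master ]

     # Workflow-wide default: a read-only token. The job below widens it only
     # by the one scope it needs.
     permissions:
       contents: read

     jobs:
       images:
         name: Image Scan
         runs-on: ubuntu-22.04
         # Job-level permissions replace the workflow-level block, so
         # contents: read is repeated here.
         permissions:
           contents: read
           # upload-sarif writes to the code scanning API, which needs this
           # scope; with contents: read alone the upload is rejected.
           security-events: write
         steps:
           - name: Checkout code
             uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
             with:
               # The next step builds a Dockerfile supplied by the pull request
               # with the whole checkout as build context. Do not leave the job
               # token in .git/config; no later step needs git credentials.
               persist-credentials: false

           - name: Build Vela Core image from Dockerfile
             # The image is only built locally for scanning; nothing in this
             # workflow pushes it. github.sha is a commit hash, not free text.
             run: |
               docker build --build-arg GOPROXY=https://proxy.golang.org -t docker.io/oamdev/vela-core:${{ github.sha }} .

           - name: Run Trivy vulnerability scanner for vela core
             # NOTE(review): @master is a mutable branch ref, unlike the
             # SHA-pinned checkout above. Whatever lands on that branch runs in
             # this job with the job token. Pin to the full commit SHA of a
             # reviewed release and update it deliberately.
             uses: aquasecurity/trivy-action@master
             with:
               image-ref: 'docker.io/oamdev/vela-core:${{ github.sha }}'
               format: 'sarif'
               output: 'trivy-results.sarif'
               # No exit-code or severity input is set here, so findings are
               # reported to code scanning but do not fail the pull request.

           - name: Upload Trivy scan results to GitHub Security tab
             # NOTE(review): v2 is a movable tag; pin to a commit SHA as well.
             uses: github/codeql-action/upload-sarif@v2
             # always(): publish whatever report exists even if an earlier
             # step failed.
             if: always()
             with:
               sarif_file: 'trivy-results.sarif'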