Trivy vulnerability scan (#1293)
* Create trivy.yml * Update trivy.yml * Change scanning config
This commit is contained in:
parent
619703dbf8
commit
f05345774d
|
@ -0,0 +1,34 @@
|
|||
name: Security Scans
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ "master" ]
|
||||
pull_request:
|
||||
branches: [ "master" ]
|
||||
|
||||
|
||||
jobs:
|
||||
build:
|
||||
name: build
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Run static analysis
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
scan-type: 'fs'
|
||||
vuln-type: 'library'
|
||||
scanners: 'vuln,secret,config'
|
||||
ignore-unfixed: true
|
||||
format: 'sarif'
|
||||
output: 'trivy-results.sarif'
|
||||
severity: 'MEDIUM,HIGH,CRITICAL'
|
||||
|
||||
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v2
|
||||
with:
|
||||
sarif_file: 'trivy-results.sarif'
|
||||
category: 'code'
|
Loading…
Reference in New Issue