File tree Expand file tree Collapse file tree 1 file changed +47
-0
lines changed Expand file tree Collapse file tree 1 file changed +47
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+
6+ name : trivy
7+
8+ on :
9+ workflow_dispatch :
10+ version :
11+ description : ' Version number'
12+ required : true
13+ default : ' v1.0.0'
14+
15+ permissions :
16+ contents : read
17+
18+ jobs :
19+ jobs :
20+ analyze :
21+ permissions :
22+ packages : write
23+ contents : read # for actions/checkout to fetch code
24+ security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
25+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
26+ name : Run Trivy
27+ runs-on : " ubuntu-20.04"
28+ steps :
29+ - name : Login to GitHub Container Registry
30+ uses : docker/login-action@v2
31+ with :
32+ registry : ghcr.io
33+ username : ${{ github.actor }}
34+ password : ${{ secrets.GITHUB_TOKEN }}
35+
36+ - name : Run Trivy vulnerability scanner
37+ uses : aquasecurity/trivy-action@master
38+ with :
39+ image-ref : " ghcr.io/mtes-mct/monitorfish/monitorfish-app:${{ github.event.inputs.version }}"
40+ format : sarif
41+ output : " trivy-results.sarif"
42+ severity : " CRITICAL,HIGH"
43+
44+ - name : Upload Trivy scan results to GitHub Security tab
45+ uses : github/codeql-action/upload-sarif@v2
46+ with :
47+ sarif_file : " trivy-results.sarif"
You can’t perform that action at this time.
0 commit comments