Skip to content

build

build #248

Workflow file for this run

name: build
on:
workflow_dispatch:
push:
branches:
- master
jobs:
aqua:
name: Trivy
runs-on: ubuntu-latest
# runs-on: windows-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
# - name: download
# run : |
# wget https://github.com/tzurielweisberg/chat-app/releases/download/testtaggfg/aqua_fips_good_dont_delete
# chmod 777 aqua_fips_good_dont_delete
# ./aqua_fips_good_dont_delete fs .
- name: Run Aqua scanner
uses: docker://aquasec/aqua-scanner:limited
with:
args: trivy fs --scanners vuln,config,secret --sast .
# To customize which severities to scan for, add the following flag: --severity UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
# To enable SAST scanning, add: --sast
# To enable reachability scanning, add: --reachability
# To enable npm/dotnet non-lock file scanning, add: --package-json / --dotnet-proj
env:
AQUA_KEY: IQlfJvc2Xw6E9ndYV5YEae #${{ secrets.AQUA_KEY }}
AQUA_SECRET: yiw6ZJk3LVrjLAVVgDKpxgbgEMQ0jwiCOni #${{ secrets.AQUA_SECRET }}
GITHUB_TOKEN: ${{ github.token }}
AQUA_URL: https://api.dev.supply-chain.cloud.aquasec.com
CSPM_URL: https://stage.api.cloudsploit.com
TRIVY_RUN_AS_PLUGIN: 'aqua'
# For http/https proxy configuration add env vars: HTTP_PROX
# - name: Run Trivy scanner
# run: |
# printenv
# echo here
# trivyVersion=0.41.0
# curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b . v${trivyVersion}
# ./trivy plugin install github.com/tzurielweisberg/plugin-version
# ./trivy fs --skip-policy-exit-code --debug .
# echo $?
# echo hello
# env:
# AQUA_KEY: ${{secrets.AQUA_KEY}}
# AQUA_SECRET: ${{secrets.AQUA_SECRET}}
# AQUA_URL: https://api.dev.supply-chain.cloud.aquasec.com
# CSPM_URL: https://stage.api.cloudsploit.com
# TRIVY_RUN_AS_PLUGIN: 'aqua'
# GITHUB_TOKEN: ${{ github.token }}
# TRIVY_SECURITY_CHECKS: vuln,config