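---
# Runs the Aqua scanner image (Trivy with the Aqua plugin enabled) against the
# checked-out repository on every pull request, scanning for
# misconfigurations, vulnerabilities and secrets.
name: Aqua
on: pull_request
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN carries the
# repository's default scopes and is handed to a third-party container below.
# Declare the minimum the scanner needs once that set is confirmed.
jobs:
  aqua:
    name: trivy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        # v2 runs on a retired Node runtime; v4 is the maintained major.
        # Pinning to a full commit SHA instead of a tag makes the action
        # immutable.
        uses: actions/checkout@v4
      # Disabled variant that ran Trivy from a job-level container. Kept for
      # reference only; note that it mounted the runner's Docker socket.
      # container-test-job:
      #   runs-on: ubuntu-latest
      #   container:
      #     image: 151013160191/trivy-user-test:tagname
      #     env:
      #       AQUA_KEY: ${{ secrets.AQUA_KEY_CNAPP_DEV }}
      #       AQUA_SECRET: ${{ secrets.AQUA_SECRET_CNAPP_DEV }}
      #       GITHUB_TOKEN: ${{ github.token }}
      #       AQUA_URL: https://api.dev.supply-chain.cloud.aquasec.com
      #       CSPM_URL: https://stage.api.cloudsploit.com
      #       TRIVY_RUN_AS_PLUGIN: 'aqua'
      #     volumes:
      #       - /home/runner/work/_temp/_github_home:/gituser/home
      #       - /var/run/docker.sock:/var/run/docker.sock
      #       - /home/runner/work/_temp/_github_home:/github/home
      #       - /home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/chat-app/chat-app":"/github/workspace"
      #   steps:
      #     - name: Check for dockerenv file
      #       run: |
      #         trivy fs --scanners config,vuln,secret .
      - name: Run Aqua scanner- trivytestdocker
        # NOTE(review): `:latest` is a mutable tag, and this image receives the
        # Aqua credentials and GITHUB_TOKEN. Pin it to a reviewed version tag
        # or to `@sha256:<image-digest>` so the scanned code and the secrets
        # only ever reach an image that has been vetted.
        uses: docker://aquasec/aqua-scanner:latest
        with:
          # NOTE(review): --debug makes the job log far more verbose, and that
          # log is readable by anyone who can view the pull request's checks.
          # Drop it once the integration is working.
          args: trivy fs --scanners config,vuln,secret --debug .
        env:
          AQUA_KEY: ${{ secrets.AQUA_KEY_CLOUD_DEV }}
          # NOTE(review): AQUA_SECRET is filled from the same secret as
          # AQUA_KEY (AQUA_KEY_CLOUD_DEV). The disabled job above uses a
          # separate *_SECRET_* entry, so this looks like a copy-paste slip;
          # point it at the repository secret that holds the Aqua API secret.
          AQUA_SECRET: ${{ secrets.AQUA_KEY_CLOUD_DEV }}
          GITHUB_TOKEN: ${{ github.token }}
          # Both endpoints are dev/stage hosts, not production.
          AQUA_URL: https://api.dev.supply-chain.cloud.aquasec.com
          CSPM_URL: https://stage.api.cloudsploit.com
          TRIVY_RUN_AS_PLUGIN: "aqua"
          # Environment values are strings; quoted to avoid integer typing.
          DOTNET_PROJ: "1"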