ci: integrate Trivy scan results with GitHub Security tab

appleboy · appleboy · commit 975a389976b1 · 2025-08-02T12:55:54.000+08:00
- Add a step to upload Trivy scan results to the GitHub Security tab using the upload-sarif action

Signed-off-by: appleboy &lt;appleboy.tw@gmail.com&gt;
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
@@ -92,6 +92,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@0.28.0
         with:
@@ -102,3 +103,7 @@ jobs:
           exit-code: '1'
           severity: 'CRITICAL,HIGH'
 
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
