Commit a4ea18f

Merge pull request #229 from ballerina-platform/task
Integrate Trivy vulnerability scanner
2 parents ecf39c0 + 7c68dea commit a4ea18f

4 files changed

+55
-5
lines changed

.github/workflows/central-publish.yml

Lines changed: 12 additions & 2 deletions
@@ -14,8 +14,18 @@ jobs:
1414
with:
1515
distribution: 'adopt'
1616
java-version: 11
17-
- name: Grant execute permission for gradlew
18-
run: chmod +x gradlew
17+
- name: Build with Gradle
18+
env:
19+
packageUser: ${{ github.actor }}
20+
packagePAT: ${{ secrets.GITHUB_TOKEN }}
21+
run: ./gradlew build -x check -x test
22+
- name: Run Trivy vulnerability scanner
23+
uses: aquasecurity/trivy-action@master
24+
with:
25+
scan-type: 'fs'
26+
scan-ref: '/github/workspace/ballerina'
27+
format: 'table'
28+
exit-code: '1'
1929
- name: Publish artifact
2030
env:
2131
BALLERINA_CENTRAL_ACCESS_TOKEN: ${{ secrets.BALLERINA_CENTRAL_ACCESS_TOKEN }}
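
Review bot: `uses: aquasecurity/trivy-action@master` in the new scanner step tracks a mutable branch, and the step runs in the same job and workspace as `Publish artifact` directly below it, so whatever lands on that branch executes against the build tree right before it is published. Pin the action to a release tag or, better, a full commit SHA. Separately, `exit-code: '1'` is set with no `severity` input, so publishing is gated on whatever severity set the action defaults to; state the intended threshold explicitly.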

.github/workflows/publish-release.yml

Lines changed: 12 additions & 2 deletions
@@ -17,6 +17,18 @@ jobs:
1717
with:
1818
distribution: 'adopt'
1919
java-version: 11
20+
- name: Build with Gradle
21+
env:
22+
packageUser: ${{ github.actor }}
23+
packagePAT: ${{ secrets.GITHUB_TOKEN }}
24+
run: ./gradlew build -x check -x test
25+
- name: Run Trivy vulnerability scanner
26+
uses: aquasecurity/trivy-action@master
27+
with:
28+
scan-type: 'fs'
29+
scan-ref: '/github/workspace/ballerina'
30+
format: 'table'
31+
exit-code: '1'
2032
- name: Set version env variable
2133
run: echo "VERSION=$((grep -w 'version' | cut -d= -f2) < gradle.properties | rev | cut --complement -d- -f1 | rev)" >> $GITHUB_ENV
2234
- name : Pre release depenency version update
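
Review bot: the `Build with Gradle` and Trivy steps are inserted ahead of `Pre release depenency version update`, which (per the `sed` line in the next hunk) rewrites timestamped `stdlib` versions in gradle.properties to stable ones. The scan therefore runs on a tree built against the timestamped dependency versions, not the ones the release is published with. Consider moving both steps to after the version update, directly before `Publish artifact`.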
@@ -33,8 +45,6 @@ jobs:
3345
sed -i 's/stdlib\(.*\)=\(.*\)-[0-9]\{8\}-[0-9]\{6\}-.*$/stdlib\1=\2/g' gradle.properties
3446
git add gradle.properties
3547
git commit -m "Move dependencies to stable version" || echo "No changes to commit"
36-
- name: Grant execute permission for gradlew
37-
run: chmod +x gradlew
3848
- name: Publish artifact
3949
env:
4050
BALLERINA_CENTRAL_ACCESS_TOKEN: ${{ secrets.BALLERINA_CENTRAL_ACCESS_TOKEN }}
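
Review bot: with `Grant execute permission for gradlew` removed here, nothing in this workflow sets the executable bit before `./gradlew build -x check -x test` runs in the step added in the previous hunk. That only works if gradlew is committed with mode 100755; confirm that (for example with `git ls-files -s gradlew`), or keep the chmod and move it ahead of the build step.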

.github/workflows/trivy-scan.yml

Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
name: Trivy
2+
3+
on:
4+
workflow_dispatch:
5+
schedule:
6+
- cron: '0 0 * * *'
7+
8+
jobs:
9+
ubuntu-build:
10+
name: Build on Ubuntu
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@v2
14+
- name: Set up JDK 11
15+
uses: actions/setup-java@v2
16+
with:
17+
distribution: 'adopt'
18+
java-version: 11
19+
- name: Build with Gradle
20+
env:
21+
packageUser: ${{ github.actor }}
22+
packagePAT: ${{ secrets.GITHUB_TOKEN }}
23+
run: ./gradlew build -x check -x test
24+
- name: Run Trivy vulnerability scanner
25+
uses: aquasecurity/trivy-action@master
26+
with:
27+
scan-type: 'fs'
28+
scan-ref: '/github/workspace/ballerina'
29+
format: 'table'
30+
exit-code: '1'
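
Review bot: the new workflow has no `permissions:` block, yet it hands `secrets.GITHUB_TOKEN` to the Gradle build as `packagePAT` and then runs a third-party action from `@master` on a nightly schedule. Add a top-level least-privilege block (`contents: read`, plus only what the build needs to fetch packages) and pin the action to a tag or commit SHA. The build and scan steps are also the same block copied into central-publish.yml and publish-release.yml; a reusable workflow or composite action would keep the three copies from drifting.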

README.md

Lines changed: 1 addition & 1 deletion
@@ -2,9 +2,9 @@ Ballerina Regex Library
22
==============================
33

44
[![Build](https://github.com/ballerina-platform/module-ballerina-regex/actions/workflows/build-timestamped-master.yml/badge.svg)](https://github.com/ballerina-platform/module-ballerina-regex/actions/workflows/build-timestamped-master.yml)
5+
[![Trivy](https://github.com/ballerina-platform/module-ballerina-regex/actions/workflows/trivy-scan.yml/badge.svg)](https://github.com/ballerina-platform/module-ballerina-regex/actions/workflows/trivy-scan.yml)
56
[![GitHub Last Commit](https://img.shields.io/github/last-commit/ballerina-platform/module-ballerina-regex.svg)](https://github.com/ballerina-platform/module-ballerina-regex/commits/main)
67
[![Github issues](https://img.shields.io/github/issues/ballerina-platform/ballerina-standard-library/module/regex.svg?label=Open%20Issues)](https://github.com/ballerina-platform/ballerina-standard-library/labels/module%2Fregex)
7-
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
88
[![codecov](https://codecov.io/gh/ballerina-platform/module-ballerina-regex/branch/main/graph/badge.svg)](https://codecov.io/gh/ballerina-platform/module-ballerina-regex)
99

1010
The `regex` library is one of the standard libraries of the <a target="_blank" href="https://ballerina.io/">Ballerina</a> language.
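
Review bot: besides adding the Trivy badge, this hunk deletes the `License` badge line, which the commit title does not account for, and the file summary of 1 addition & 1 deletion shows it is a removal rather than a move. If dropping the badge is unintended, restore it below the `Github issues` badge.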
