Expand file tree Collapse file tree 1 file changed +43
-0
lines changed Original file line number Diff line number Diff line change 1+ # This workflow uses actions that are not certified by GitHub.
2+ # They are provided by a third-party and are governed by
3+ # separate terms of service, privacy policy, and support
4+ # documentation.
5+
6+ name : trivy
7+
8+ on :
9+ push :
10+ branches : [ "main" ]
11+ pull_request :
12+ # The branches below must be a subset of the branches above
13+ branches : [ "main" ]
14+
15+ permissions :
16+ contents : read
17+
18+ jobs :
19+ build :
20+ permissions :
21+ contents : read # for actions/checkout to fetch code
22+ security-events : write # for github/codeql-action/upload-sarif to upload SARIF results
23+ actions : read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
24+ name : Build
25+ runs-on : ubuntu-latest
26+ steps :
27+ - name : Checkout code
28+ uses : actions/checkout@v4
29+
30+ - name : Run Trivy vulnerability scanner in fs mode
31+ uses :
aquasecurity/[email protected] 32+ with :
33+ scan-type : ' fs'
34+ ignore-unfixed : true
35+ format : ' template'
36+ template : ' @/contrib/sarif.tpl'
37+ output : ' trivy-results.sarif'
38+ severity : ' CRITICAL,HIGH'
39+
40+ - name : Upload Trivy scan results to GitHub Security tab
41+ uses : github/codeql-action/upload-sarif@v3
42+ with :
43+ sarif_file : ' trivy-results.sarif'
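Review bot: The Trivy step never fails the job — trivy-action's `exit-code` input is not set in the `with:` block of the "Run Trivy vulnerability scanner in fs mode" step and defaults to 0, so a push or pull request that introduces a CRITICAL/HIGH finding still gets a green check and the result only surfaces in the Security tab. If the scan is meant to gate merges, add `exit-code: '1'` to that block and mark the upload step `if: always()` so the SARIF is still uploaded when the scan step fails. The third-party action reference reads `aquasecurity/[email protected]` on this page, which looks like a scraping artifact rather than the real ref, but whatever tag it resolves to should be pinned to a full commit SHA with the tag kept in a trailing comment, since the job runs with `security-events: write` and the header comment itself notes the action is not certified by GitHub. `ignore-unfixed: true` combined with `severity: 'CRITICAL,HIGH'` silently drops unfixed and MEDIUM findings — a reasonable noise trade-off, but worth a one-line comment stating it is deliberate. Presumably `pull_request` runs from forked repositories will fail at the upload step, because the workflow token is read-only there regardless of the declared `security-events: write` — confirm whether fork PRs are expected before relying on this check.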