Merge pull request #110 from githubexporter/trivy-scanning

Add daily Trivy scan workflow

Author: henrymcconville

.github/workflows/container-scan.yml

@@ -0,0 +1,30 @@
+name: Container Scan
+on:
+  schedule:
+    - cron: "0 9 * * *"
+  workflow_dispatch:
+
+jobs:
+  container-scan:
+    name: Container Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Get Current Version
+        id: get-current-version
+        run: |
+          echo "version=$(cat VERSION)" >> $GITHUB_OUTPUT
+
+      - name: Run Trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'githubexporter/github-exporter:${{ steps.get-current-version.outputs.version }}'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results.sarif'

VERSION

@@ -1 +1 @@
-1.1.0
+1.1.0