Trivy

Trivy #1345

	# Runs linter for Docker files
	name: Trivy

	on:
	workflow_dispatch:
	schedule:
	# Runs at 22:45 UTC on Thursday.
	- cron: '45 22 * * 4'
	push:
	pull_request:

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	permissions:
	contents: read

	jobs:
	linux:
	name: Trivy
	runs-on: ${{ github.repository_owner == 'oneapi-src' && 'intel-ubuntu-22.04' \|\| 'ubuntu-latest' }}
	permissions:
	security-events: write

	steps:
	- name: Clone repo
	uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0

	- name: Run Trivy
	uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # v0.33.1
	with:
	scan-type: 'config'
	hide-progress: false
	format: 'sarif'
	output: 'trivy-results.sarif'
	exit-code: 1 # Fail if issue found
	# file with suppressions: .trivyignore (in root dir)

	- name: Print report and trivyignore file
	run: \|
	echo "### Trivy ignore content:"
	cat .trivyignore
	echo "### Trivy report:"
	cat trivy-results.sarif

	- name: Upload results
	uses: github/codeql-action/upload-sarif@fe4161a26a8629af62121b670040955b330f9af2 # v4.31.6
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback