COH-27607 - Add nightly Trivy scan using GitHub workflow (#48)

dhirupandey · web-flow · commit de5bc6294f51 · 2023-07-07T15:55:20.000-07:00
* Add trivy scan
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
@@ -0,0 +1,29 @@
+# Copyright 2023 Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at
+# https://oss.oracle.com/licenses/upl.
+
+# ---------------------------------------------------------------------------
+# Coherence Go Client GitHub Actions Scheduled Trivy Scan
+# ---------------------------------------------------------------------------
+name: Scheduled Trivy Scan
+
+on:
+  workflow_dispatch:
+  schedule:
+    # Every day at midnight
+    - cron: '0 0 * * *'
+
+jobs:
+  trivy-scan:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/aquasecurity/trivy:latest
+      volumes:
+        - /var/run/docker.sock:/var/run/docker.sock
+        - /home/runner/work/coherence-py-client/coherence-py-client:/repo
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Trivy Scan
+        run: trivy fs --exit-code 1 /repo
