@@ -13,6 +13,7 @@ on: # yamllint disable-line rule:truthy
1313env :
1414 IMAGE_NAME : algorithm-exercises-py
1515 ARTIFACT_NAME : algorithm-exercises-py_${{ github.sha }}
16+ TRIVY_DB_REPOSITORY : ${{ env.TRIVY_DB_REPOSITORY }}
1617
1718jobs :
1819
@@ -159,7 +160,7 @@ jobs:
159160 with :
160161 sarif_file : ' snyk.sarif'
161162 scan :
162- name : " Trivy (sarif) "
163+ name : " Trivy"
163164 runs-on : ubuntu-latest
164165 needs : build
165166 permissions :
@@ -178,7 +179,17 @@ jobs:
178179 docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
179180 docker image ls -a
180181
181- - name : Run Trivy vulnerability scanner
182+ - name : Trivy
183+ run : |
184+ printenv
185+
186+ - name : Run Trivy vulnerability scanner (cli report)
187+ uses :
aquasecurity/[email protected] 188+ with :
189+ image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
190+ format : ' table'
191+
192+ - name : Run Trivy vulnerability scanner (sarif report)
182193 uses :
aquasecurity/[email protected] 183194 with :
184195 image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
@@ -189,29 +200,3 @@ jobs:
189200 uses : github/codeql-action/upload-sarif@v3
190201 with :
191202 sarif_file : ' trivy-results.sarif'
192- env :
193- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
194-
195- report :
196- name : " Trivy (report)"
197- runs-on : ubuntu-latest
198- needs : build
199- steps :
200- - name : Download artifact
201- uses : actions/download-artifact@v4
202- with :
203- name : ${{ env.ARTIFACT_NAME }}_prod
204- path : /tmp/
205-
206- - name : Load image
207- run : |
208- docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
209- docker image ls -a
210-
211- - name : Run Trivy vulnerability scanner
212- uses :
aquasecurity/[email protected] 213- with :
214- image-ref : ${{ env.IMAGE_NAME }}:${{ github.sha }}
215- format : ' table'
216- env :
217- ACTIONS_RUNTIME_TOKEN : ${{ secrets.GITHUB_TOKEN }}
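Review bot: In the first hunk, the added workflow-level entry `TRIVY_DB_REPOSITORY: ${{ env.TRIVY_DB_REPOSITORY }}` reads the `env` context from inside the very block that defines it. As far as I know that context is not available at workflow-level `env:` (only `github`, `inputs`, `vars` and `secrets` are), so the expression is either rejected or yields an empty string, and Trivy does not get the intended database repository. If the value is meant to come from a repository or organisation variable, `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}` would express that. The new `Trivy` step that runs a bare `printenv` looks like a leftover from debugging this; it writes the whole runner environment to the job log, so I would drop it or narrow it to `printenv TRIVY_DB_REPOSITORY` before merging. The table-format scan step also sets no `exit-code` or `severity`, so from what is visible here it reports findings without ever failing the job.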