Skip to content
Docker Security Scan

Implement Basic Trivy Scanning Workflow #9

Sign in to view logs

Implement Basic Trivy Scanning Workflow

Implement Basic Trivy Scanning Workflow #9

Triggered via pull request December 23, 2025 18:46
@josecelanojosecelano
synchronize #256
251-implement-basic-trivy-scanning-workflow
Status Failure
Total duration 7m 0s
Artifacts 3

docker-security-scan.yml

on: pull_request
Matrix: Scan Project-Built Docker Images
Matrix: Scan Third-Party Docker Images
Upload SARIF Results to GitHub Security
8s
Upload SARIF Results to GitHub Security
Fit to window
Zoom out
Zoom in

Annotations

10 errors
Scan Third-Party Docker Images (mysql:8.0)
Process completed with exit code 1.
Scan Project-Built Docker Images (docker/provisioned-instance/Dockerfile, docker/provisioned-inst...
Process completed with exit code 1.
Scan Third-Party Docker Images (grafana/grafana:11.4.0)
Failed to CreateArtifact: Received non-retryable error: Failed request: (409) Conflict: an artifact with this name already exists on the workflow run
Scan Third-Party Docker Images (grafana/grafana:11.4.0)
Process completed with exit code 1.
Scan Project-Built Docker Images (docker/ssh-server/Dockerfile, docker/ssh-server, ssh-server)
Process completed with exit code 1.
Scan Third-Party Docker Images (prom/prometheus:v3.0.1)
Failed to CreateArtifact: Received non-retryable error: Failed request: (409) Conflict: an artifact with this name already exists on the workflow run
Scan Third-Party Docker Images (prom/prometheus:v3.0.1)
Process completed with exit code 1.
Scan Third-Party Docker Images (torrust/tracker:develop)
Failed to CreateArtifact: Received non-retryable error: Failed request: (409) Conflict: an artifact with this name already exists on the workflow run
Scan Third-Party Docker Images (torrust/tracker:develop)
Process completed with exit code 1.
Upload SARIF Results to GitHub Security
The CodeQL Action does not support uploading multiple SARIF runs with the same category. Please update your workflow to upload a single run per category. For more information, see https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/

Artifacts

Produced during runtime
Name Size Digest
sarif-project-provisioned-instance
7.38 KB
sha256:a5225dbb9479c242c22e3f1a231e708d70e4072cae72d8eaddb51df7453b6522
sarif-project-ssh-server
1.55 KB
sha256:d6ff675bfef887ae3115946acb767c50b1975d05379d3ab243a72aedb8793be3
sarif-third-party-
5.92 KB
sha256:71429a48c5e10a237bd124bb2990e9b9b090d488fa70f3d9c9f6233e2c261680