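# This workflow performs a trivy check of docker config files.
name: Trivy
on:
  pull_request:
    paths:
      - 'devops/containers/**'
      - 'devops/.trivyignore.yaml'
      - '.github/workflows/trivy.yml'
  workflow_dispatch:

# Least privilege: the job only reads the checkout and uploads an artifact,
# so the default GITHUB_TOKEN needs nothing beyond contents: read.
permissions:
  contents: read

jobs:
  build:
    name: Trivy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Only the scanned tree and the ignore file are needed.
          sparse-checkout: devops
      # There is a github action, but for some reason it ignores ignore-file.
      # NOTE(review): the installer is fetched from the mutable `main` branch
      # and piped straight into sh, so any upstream change runs here unreviewed.
      # Pin the installer to a release tag and verify its checksum before
      # relying on this job as a merge gate.
      - name: Install Trivy
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh
          ./bin/trivy --version
      # --exit-code 1 fails this step whenever findings remain after the
      # ignore file is applied, so a red check means real misconfigurations.
      - name: Run Trivy vulnerability scanner
        run: ./bin/trivy config --format json --output trivy-report.json --ignorefile=devops/.trivyignore.yaml devops/containers --exit-code 1
      # The scan step exits non-zero exactly when the report is worth reading;
      # without always() the upload would be skipped on every failing run.
      - name: Upload report artifact
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: trivy-report
          path: trivy-report.json
          retention-days: 3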