Added trivy

Ontotext-AD · Jan 25, 2024 · 5eec9b9 · 5eec9b9
1 parent 9433875
commit 5eec9b9
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,4 +27,16 @@ jobs:
       - id: run_helm_lint
         name: Run Helm lint
         run: helm lint --strict .
-      # TODO: Add trivy + sarif
+
+      - id: run_trivy_config
+        name: Run Trivy vulnerability scanner
+        # aquasecurity/trivy-action@v0.16.1
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
+        with:
+          scan-type: config
+          trivy-config: trivy.yaml
+          hide-progress: false
+          format: sarif
+          output: trivy.sarif
+
+      # TODO: Lint/trivy for examples/ folder ???????
diff --git a/trivy.yaml b/trivy.yaml
@@ -0,0 +1,7 @@
+timeout: 5m
+exit-code: 1
+severity:
+  - HIGH
+  - CRITICAL
+  - MEDIUM
+format: table