Skip to content

Commit

Permalink
ci: add weekly trivy security scan
Browse files Browse the repository at this point in the history
  • Loading branch information
malud committed Apr 15, 2024
1 parent dd7df26 commit 964517a
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/weekly-trivy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: trivy
on:
schedule:
- cron: '0 9 * * 1' # monday
workflow_dispatch:
pull_request:
jobs:
build:
name: Build
runs-on: ubuntu-22.04
steps:
- name: Checkout code
uses: actions/checkout@v3

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

0 comments on commit 964517a

Please sign in to comment.