feat: add trivy scan and sbom creation

dnwe · Mar 22, 2024 · 4dfe1fb · 4dfe1fb
1 parent 1204ce5
commit 4dfe1fb
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -72,6 +72,20 @@ jobs:
     outputs:
       tags: ${{ steps.meta.outputs.tags }}
       image-digest: ${{ steps.push.outputs.digest }}
+    - name: Scan Image with Trivy
+      uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+      with:
+        image-ref: ${{ steps.meta.outputs.tags }}
+        scan-type: 'image'
+        ignore-unfixed: true
+        format: 'sarif'
+        output: 'test-results/trivy-sbom-report.sarif'
+    - name: Upload Trivy SBOM
+      uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+      with:
+        path: '${{ github.workspace }}/dependency-results.sbom.json'
+        path: 'test-results/trivy-sbom-report.sarif'
+        retention-days: 14 # 90 is the default
   test:
     name: Unit Testing
     runs-on: ubuntu-latest