Code Scanning by Trivy #1013

	name: Code Scanning by Trivy

	on:
	push:
	branches:
	- "main"
	pull_request:
	schedule:
	- cron: '0 0 * * 1'
	watch:
	types: [started]

	jobs:
	use-build:
	uses: ./.github/workflows/build.yml

	scan-config:
	runs-on: self-hosted
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Run Trivy vulnerability scanner in config mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'config'
	scan-ref: '.'
	trivyignores: .trivyignore
	trivy-config: trivy.yaml

	scan-fs:
	runs-on: self-hosted
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Run Trivy vulnerability scanner in fs mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	scan-ref: '.'
	trivyignores: .trivyignore
	trivy-config: trivy.yaml

	scan-image:
	runs-on: self-hosted
	needs: [use-build]
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Run Trivy vulnerability scanner in image mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'image'
	image-ref: 'ghcr.io/${{ github.repository }}:${{ github.sha }}'
	trivyignores: .trivyignore
	trivy-config: trivy.yaml
	env:
	TRIVY_USERNAME: ${{ github.repository_owner }}
	TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

Provide feedback