chore(ci/trivy): replace script with action (super-linter#1355)

* chore: replace script with action * delete trivy script * more Co-authored-by: Admiral Awkbar <admiralawkbar@github.com>
github · Mar 11, 2021 · d1c8432 · d1c8432
1 parent 5f88bc6
commit d1c8432
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 119 deletions.
diff --git a/.automation/test/go/reports/expected-GO-5.tap b/.automation/test/go/reports/expected-GO-5.tap
@@ -0,0 +1,7 @@
+TAP version 13
+1..2
+not ok 1 - golang_bad_01.go
+  ---
+  message: level=warningg="[runner] The linter 'maligned' is deprecated due to The repository of the linter has been archived by the owner. Use govet 'fieldalignment' instead."\nlevel=warningg="[runner] Can't run linter goanalysis_metalinter failed prerequisites [(buildir@command-line-arguments, inspect@command-line-arguments, isgenerated@command-line-arguments) analysis skipped errors in package [go/golang_bad_01.go 1 1 expected 'package', found 'if' /tmp/lint/.automation/test/go/golang_bad_01.go 1 1 expected 'package', found 'if']]"\nlevel=warningg="[runner] Can't run linter unused buildir analysis skipped errors in package [go/golang_bad_01.go 1 1 expected 'package', found 'if' /tmp/lint/.automation/test/go/golang_bad_01.go 1 1 expected 'package', found 'if' /tmp/lint/.automation/test/go/golang_bad_01.go 1 1 expected 'package', found 'if']"\nlevel=errorg="Running error buildir analysis skipped errors in package [go/golang_bad_01.go 1 1 expected 'package', found 'if' /tmp/lint/.automation/test/go/golang_bad_01.go 1 1 expected 'package', found 'if' /tmp/lint/.automation/test/go/golang_bad_01.go 1 1 expected 'package', found 'if']"\n
+  ...
+ok 2 - golang_good_01.go
diff --git a/.automation/trivy-security-scan.sh b/.automation/trivy-security-scan.sh
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -23,25 +23,22 @@ jobs:
       #   run: |
       #     docker build -t docker.io/github/super-linter:${{ github.sha }} .
 
-      ###########################################
-      # Download and install Trivy and template #
-      ###########################################
-      - name: Download and Install Trivy
-        shell: bash
-        run: |
-          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b ${GITHUB_WORKSPACE}
-          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/sarif.tpl -o sarif.tpl
-
       #################################
       # Run Trivy Scan of source code #
       #################################
       - name: Trivy Scan
-        shell: bash
-        run: ./.automation/trivy-security-scan.sh
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          format: 'template'
+          exit-code: '1'
+          template: '@/contrib/sarif.tpl'
+          output: 'report.sarif'
+          severity: 'HIGH,CRITICAL'
 
-      ################################
-      # Upload report to secrity tab #
-      ################################
+      #################################
+      # Upload report to security tab #
+      #################################
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v1
         if: always()