Trivy Security Scan #92

	name: Trivy Security Scan

	on:
	schedule:
	- cron: '0 1 * * 1'
	workflow_dispatch:
	inputs: {}

	jobs:
	security-scan:
	permissions:
	security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
	name: Security Scan
	runs-on: ubuntu-20.04
	steps:
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
	with:
	# just scan the latest released image
	image-ref: 'ghcr.io/groundnuty/k8s-wait-for:latest'
	format: 'sarif'
	output: 'trivy-results.sarif'
	severity: 'CRITICAL,HIGH'
	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'
	- name: Fail if scan found vulnerabilities
	run: \|
	grep -q '"rules": \[],' trivy-results.sarif

Provide feedback