From 976c4f3cb5f77e81f0401afc6297f60c811cdb59 Mon Sep 17 00:00:00 2001
From: Kiril Kartunov <kiril.kartunov@gmail.com>
Date: Thu, 23 Oct 2025 11:45:23 +0300
Subject: [PATCH 1/2] adds Trivy action

---
 .github/workflows/trivy.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 .github/workflows/trivy.yaml

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 000000000..24b307fa4
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,31 @@
+name: Trivy Scanner
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - trivy
+  pull_request:
+jobs:
+  trivy-scan:
+    name: Use Trivy
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Trivy scanner in repo mode
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH,UNKNOWN'
+          scanners: vuln,secret,misconfig,license
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
\ No newline at end of file

From 595c11c3ffb5383f677107dadd25cdfd22ac0a61 Mon Sep 17 00:00:00 2001
From: Kiril Kartunov <kiril.kartunov@gmail.com>
Date: Thu, 23 Oct 2025 12:10:39 +0300
Subject: [PATCH 2/2] on main & dev

---
 .github/workflows/trivy.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 24b307fa4..85b3cadaa 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -4,7 +4,6 @@ on:
     branches:
       - main
       - dev
-      - trivy
   pull_request:
 jobs:
   trivy-scan: