mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-21 21:50:59 -05:00
Update trivy.yml
This commit is contained in:
parent
62d953d824
commit
768ab9ac38
1 changed files with 44 additions and 43 deletions
87
.github/workflows/trivy.yml
vendored
87
.github/workflows/trivy.yml
vendored
|
@ -1,46 +1,47 @@
|
|||
---
|
||||
name: Container Security Scan with Trivy
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
pull_request:
|
||||
jobs:
|
||||
scan-container:
|
||||
name: Build
|
||||
runs-on: ubuntu-18.04
|
||||
steps:
|
||||
######################
|
||||
# Checkout code base #
|
||||
######################
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v2
|
||||
# Disabling trivy scans while they get troubleshooting for failures
|
||||
# ---
|
||||
# name: Container Security Scan with Trivy
|
||||
# on:
|
||||
# push:
|
||||
# branches:
|
||||
# - master
|
||||
# pull_request:
|
||||
# jobs:
|
||||
# scan-container:
|
||||
# name: Build
|
||||
# runs-on: ubuntu-18.04
|
||||
# steps:
|
||||
# ######################
|
||||
# # Checkout code base #
|
||||
# ######################
|
||||
# - name: Checkout code
|
||||
# uses: actions/checkout@v2
|
||||
|
||||
# ##########################
|
||||
# # Build the docker image #
|
||||
# ##########################
|
||||
# - name: Build an image from Dockerfile
|
||||
# run: |
|
||||
# docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
||||
# # ##########################
|
||||
# # # Build the docker image #
|
||||
# # ##########################
|
||||
# # - name: Build an image from Dockerfile
|
||||
# # run: |
|
||||
# # docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
||||
|
||||
#################################
|
||||
# Run Trivy Scan of source code #
|
||||
#################################
|
||||
- name: Trivy Scan
|
||||
uses: aquasecurity/trivy-action@master
|
||||
with:
|
||||
scan-type: 'fs'
|
||||
format: 'template'
|
||||
exit-code: '1'
|
||||
template: '@/contrib/sarif.tpl'
|
||||
output: 'report.sarif'
|
||||
severity: 'HIGH,CRITICAL'
|
||||
# #################################
|
||||
# # Run Trivy Scan of source code #
|
||||
# #################################
|
||||
# - name: Trivy Scan
|
||||
# uses: aquasecurity/trivy-action@master
|
||||
# with:
|
||||
# scan-type: 'fs'
|
||||
# format: 'template'
|
||||
# exit-code: '1'
|
||||
# template: '@/contrib/sarif.tpl'
|
||||
# output: 'report.sarif'
|
||||
# severity: 'HIGH,CRITICAL'
|
||||
|
||||
#################################
|
||||
# Upload report to security tab #
|
||||
#################################
|
||||
- name: Upload Trivy scan results to GitHub Security tab
|
||||
uses: github/codeql-action/upload-sarif@v1
|
||||
if: always()
|
||||
with:
|
||||
sarif_file: 'report.sarif'
|
||||
# #################################
|
||||
# # Upload report to security tab #
|
||||
# #################################
|
||||
# - name: Upload Trivy scan results to GitHub Security tab
|
||||
# uses: github/codeql-action/upload-sarif@v1
|
||||
# if: always()
|
||||
# with:
|
||||
# sarif_file: 'report.sarif'
|
||||
|
|
Loading…
Reference in a new issue