superlint/.github/workflows/trivy.yml

# Disabling trivy scans while they get troubleshooting for failures
---
name: Trivy Container Scan
on:
  push:
    branches:
      - main
  pull_request:
jobs:
  scan-container:
    name: Build
    runs-on: ubuntu-18.04
    timeout-minutes: 60
    steps:
      ######################
      # Checkout code base #
      ######################
      - name: Checkout code
        uses: actions/checkout@v2.4.0

      # ##########################
      # # Build the docker image #
      # ##########################
      - name: Build an image from Dockerfile
        run: |
          docker build -t "docker.io/github/super-linter:${{ github.sha }}" .

      #################################
      # Run Trivy Scan of source code #
      #################################
      - name: Trivy Scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'report.sarif'
          severity: 'HIGH,CRITICAL'

      #################################
      # Upload report to security tab #
      #################################
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'report.sarif'
Update trivy.yml 2021-04-05 20:00:29 -04:00			`# Disabling trivy scans while they get troubleshooting for failures`
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`---`
Add Actions names 2022-02-21 10:17:34 -05:00			`name: Trivy Container Scan`
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`on:`
			`push:`
			`branches:`
switch to main branch (#2010) * switch to main branch * switch from master to main * switch default branch to main * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * switch to main branch * make comment reflect code * switch to main branch 2021-10-01 15:57:26 -04:00			`- main`
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`pull_request:`
			`jobs:`
			`scan-container:`
			`name: Build`
			`runs-on: ubuntu-18.04`
Add CI timeout (#2127) 2021-11-15 11:25:36 -05:00			`timeout-minutes: 60`
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`steps:`
			`######################`
			`# Checkout code base #`
			`######################`
			`- name: Checkout code`
Bump actions/checkout from 2.3.4 to 2.4.0 (#2096) Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.4.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.4.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 2021-11-10 12:53:31 -05:00			`uses: actions/checkout@v2.4.0`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`# ##########################`
			`# # Build the docker image #`
			`# ##########################`
			`- name: Build an image from Dockerfile`
			`run: \|`
Adding actionlint (#1775) * Adding action lint * adding tests * adding tests * Update Dockerfile Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com> * cleanup name * fix test * typo * fix file name * fix our own errors * more cleanup * angry * make it happy * stop double jobs Co-authored-by: Masaya Suzuki <15100604+massongit@users.noreply.github.com> 2021-07-19 10:28:49 -04:00			`docker build -t "docker.io/github/super-linter:${{ github.sha }}" .`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`#################################`
			`# Run Trivy Scan of source code #`
			`#################################`
			`- name: Trivy Scan`
			`uses: aquasecurity/trivy-action@master`
			`with:`
			`scan-type: 'fs'`
			`format: 'template'`
			`template: '@/contrib/sarif.tpl'`
			`output: 'report.sarif'`
			`severity: 'HIGH,CRITICAL'`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`#################################`
			`# Upload report to security tab #`
			`#################################`
			`- name: Upload Trivy scan results to GitHub Security tab`
			`uses: github/codeql-action/upload-sarif@v1`
			`if: always()`
			`with:`
			`sarif_file: 'report.sarif'`