mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-10 02:53:36 -05:00
50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
|
---
|
||
|
name: Container Security Scan with Trivy
|
||
|
on:
|
||
|
push:
|
||
|
branches:
|
||
|
- master
|
||
|
pull_request:
|
||
|
jobs:
|
||
|
scan-container:
|
||
|
name: Build
|
||
|
runs-on: ubuntu-18.04
|
||
|
steps:
|
||
|
######################
|
||
|
# Checkout code base #
|
||
|
######################
|
||
|
- name: Checkout code
|
||
|
uses: actions/checkout@v2
|
||
|
|
||
|
# ##########################
|
||
|
# # Build the docker image #
|
||
|
# ##########################
|
||
|
# - name: Build an image from Dockerfile
|
||
|
# run: |
|
||
|
# docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
||
|
|
||
|
###########################################
|
||
|
# Download and install Trivy and template #
|
||
|
###########################################
|
||
|
- name: Download and Install Trivy
|
||
|
shell: bash
|
||
|
run: |
|
||
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b ${GITHUB_WORKSPACE}
|
||
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/sarif.tpl -o sarif.tpl
|
||
|
|
||
|
#################################
|
||
|
# Run Trivy Scan of source code #
|
||
|
#################################
|
||
|
- name: Trivy Scan
|
||
|
shell: bash
|
||
|
run: ./.automation/trivy-security-scan.sh
|
||
|
|
||
|
################################
|
||
|
# Upload report to secrity tab #
|
||
|
################################
|
||
|
- name: Upload Trivy scan results to GitHub Security tab
|
||
|
uses: github/codeql-action/upload-sarif@v1
|
||
|
if: always()
|
||
|
with:
|
||
|
sarif_file: 'report.sarif'
|