superlint/.github/workflows/trivy.yml

# Disabling trivy scans while they get troubleshooting for failures
---
name: Container Security Scan with Trivy
on:
  push:
    branches:
      - master
  pull_request:
jobs:
  scan-container:
    name: Build
    runs-on: ubuntu-18.04
    steps:
      ######################
      # Checkout code base #
      ######################
      - name: Checkout code
        uses: actions/checkout@v2

      # ##########################
      # # Build the docker image #
      # ##########################
      - name: Build an image from Dockerfile
        run: |
          docker build -t docker.io/github/super-linter:${{ github.sha }} .

      #################################
      # Run Trivy Scan of source code #
      #################################
      - name: Trivy Scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          format: 'template'
          template: '@/contrib/sarif.tpl'
          output: 'report.sarif'
          severity: 'HIGH,CRITICAL'

      #################################
      # Upload report to security tab #
      #################################
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: always()
        with:
          sarif_file: 'report.sarif'
Update trivy.yml 2021-04-05 20:00:29 -04:00			`# Disabling trivy scans while they get troubleshooting for failures`
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`---`
			`name: Container Security Scan with Trivy`
			`on:`
			`push:`
			`branches:`
			`- master`
			`pull_request:`
			`jobs:`
			`scan-container:`
			`name: Build`
			`runs-on: ubuntu-18.04`
			`steps:`
			`######################`
			`# Checkout code base #`
			`######################`
			`- name: Checkout code`
			`uses: actions/checkout@v2`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`# ##########################`
			`# # Build the docker image #`
			`# ##########################`
			`- name: Build an image from Dockerfile`
			`run: \|`
			`docker build -t docker.io/github/super-linter:${{ github.sha }} .`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`#################################`
			`# Run Trivy Scan of source code #`
			`#################################`
			`- name: Trivy Scan`
			`uses: aquasecurity/trivy-action@master`
			`with:`
			`scan-type: 'fs'`
			`format: 'template'`
			`template: '@/contrib/sarif.tpl'`
			`output: 'report.sarif'`
			`severity: 'HIGH,CRITICAL'`
Add trivy scans for container security (#1209) * Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com> 2021-02-17 17:03:30 -05:00
Reinstate Trivy with no blocks for vulnerabilities found (#1455) * enable trivy * enable docker build * Add audit fix to patch vulns * exit success on vulnerabilities found 2021-04-17 17:50:23 -04:00			`#################################`
			`# Upload report to security tab #`
			`#################################`
			`- name: Upload Trivy scan results to GitHub Security tab`
			`uses: github/codeql-action/upload-sarif@v1`
			`if: always()`
			`with:`
			`sarif_file: 'report.sarif'`