mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-07 01:35:53 -05:00
35e2d160a4
* Create trivy.yml * Add descriptive names * Add fs mode to catch package.lock issues * use script to get around timeout * use script to get around timeout * set it * set it * update deps * Align with comment style * fix headeer * npm audit fix to patch vulnerabilities Signed-off-by: Zack Koppert <zkoppert@github.com> Co-authored-by: Lukas Gravley <admiralawkbar@github.com>
49 lines
1.5 KiB
YAML
49 lines
1.5 KiB
YAML
---
|
|
name: Container Security Scan with Trivy
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
pull_request:
|
|
jobs:
|
|
scan-container:
|
|
name: Build
|
|
runs-on: ubuntu-18.04
|
|
steps:
|
|
######################
|
|
# Checkout code base #
|
|
######################
|
|
- name: Checkout code
|
|
uses: actions/checkout@v2
|
|
|
|
# ##########################
|
|
# # Build the docker image #
|
|
# ##########################
|
|
# - name: Build an image from Dockerfile
|
|
# run: |
|
|
# docker build -t docker.io/github/super-linter:${{ github.sha }} .
|
|
|
|
###########################################
|
|
# Download and install Trivy and template #
|
|
###########################################
|
|
- name: Download and Install Trivy
|
|
shell: bash
|
|
run: |
|
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b ${GITHUB_WORKSPACE}
|
|
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/sarif.tpl -o sarif.tpl
|
|
|
|
#################################
|
|
# Run Trivy Scan of source code #
|
|
#################################
|
|
- name: Trivy Scan
|
|
shell: bash
|
|
run: ./.automation/trivy-security-scan.sh
|
|
|
|
################################
|
|
# Upload report to secrity tab #
|
|
################################
|
|
- name: Upload Trivy scan results to GitHub Security tab
|
|
uses: github/codeql-action/upload-sarif@v1
|
|
if: always()
|
|
with:
|
|
sarif_file: 'report.sarif'
|