From 24b9d6a77ea7f65f9536142f62497da6bd90c015 Mon Sep 17 00:00:00 2001
From: Argelbargel
Date: Tue, 6 Aug 2024 17:04:04 +0200
Subject: [PATCH] Update & Active Trivy-Code-Checks

---
 .github/workflows/checks.yml | 2 ++
 .github/workflows/{trivy.yml => trivy-code.yml} | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)
 rename .github/workflows/{trivy.yml => trivy-code.yml} (76%)

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index ff31fa0..d951a00 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -31,3 +31,5 @@ jobs:
 test:
 uses: ./.github/workflows/test.yml
+ trivy:
+ uses: ./.github/workflows/trivy-code.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy-code.yml
similarity index 76%
rename from .github/workflows/trivy.yml
rename to .github/workflows/trivy-code.yml
index 178e61a..30e1001 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy-code.yml
@@ -19,21 +19,21 @@ jobs:
 - name: "Checkout repository"
 uses: actions/checkout@v4
 
- - name: Run Trivy vulnerability scanner in repo mode
+ - name: Run Trivy vulnerability scanner
 uses: aquasecurity/trivy-action@0.20.0
 with:
 scan-type: 'fs'
 ignore-unfixed: true
 format: 'sarif'
 output: 'trivy-results.sarif'
- severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
+ severity: 'MEDIUM,HIGH,CRITICAL'
 
- - name: Upload Trivy scan results to GitHub Security tab
+ - name: Upload Trivy scan results
 uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: 'trivy-results.sarif'
 
- - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
+ - name: Generate SBOM
 uses: aquasecurity/trivy-action@0.20.0
 with:
 scan-type: 'fs'
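Review bot: The new `trivy:` job added to checks.yml carries no `permissions` block, yet the reusable workflow it calls uploads SARIF via github/codeql-action/upload-sarif, which needs `security-events: write`; a called workflow cannot hold more token scope than its caller grants it, so if checks.yml narrows `permissions` at the top level (not visible in this hunk) the upload step will presumably fail on authorization. Declare the scope on the caller side, directly under `trivy:`: `permissions:` / `  contents: read` / `  security-events: write`, matching whatever trivy-code.yml requests for itself. The enclosing `jobs:` mapping starts before this hunk.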
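Review bot: Narrowing `severity` to `'MEDIUM,HIGH,CRITICAL'` while `ignore-unfixed: true` stays in place means LOW and unrated findings no longer reach the Security tab at all, and nothing in the file records that this is the intended reporting policy rather than an oversight; add `# Only MEDIUM+ findings with an available fix are reported; LOW/UNKNOWN are deliberately excluded` above the `severity:` line. Separately, both Trivy steps reference `aquasecurity/trivy-action@0.20.0` by a mutable tag (and the upload step `github/codeql-action/upload-sarif@v3` likewise); pinning each to the release's full commit SHA with the tag kept in a trailing comment removes the tag-retargeting risk for actions that read the checked-out repository and hold a write-scoped token. The renamed `Generate SBOM` step's remaining `with:` entries lie outside this hunk.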