Skip to content

Update dependencycheck.yml #24

Update dependencycheck.yml

Update dependencycheck.yml #24

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: trivy
on:
push:
workflow_dispatch:
permissions:
contents: read
jobs:
run-trivy-action:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Build
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
with:
scan-type: 'fs'
format: 'json'
output: 'dependency-results.sbom.json'
image-ref: '.'
github-pat: ${{ secrets.GITHUB_TOKEN }}
- name: upload rep
uses: actions/upload-artifact@master
with:
name: trivy report - trivy gen
path: ${{github.workspace}}/dependency-results.sbom.json
run-trivy-on-sbom:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: trivy-sbom
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- run: docker run --rm -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app -o /app/bomer.json && ls
- name: upload rep2
uses: actions/upload-artifact@master
with:
name: trivy report - docker cyclonedx
path: ${{github.workspace}}/bomer.json
- uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
with:
scan-type: 'fs'
format: 'cyclonedx'
output: 'bomzz.json'
- name: upload rep2
uses: actions/upload-artifact@master
with:
name: trivy report - trivy cyclonedx generated
path: ${{github.workspace}}/bomzz.json