feat(CI): Added codeql report upload step in Trivy docker image scan

SaptarshiSarkar12 · Feb 20, 2024 · ce72e36 · ce72e36
1 parent 0313277
commit ce72e36
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 20 deletions.
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
@@ -155,22 +155,4 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           file: Docker/prod/${{ matrix.filename }}
-          platforms: linux/amd64,linux/arm64,linux/arm/v7
-
-      - name: Run Trivy security scan
-        uses: aquasecurity/trivy-action@0.17.0
-        with:
-          image-ref: ${{ steps.meta.outputs.tags }}
-          format: ${{ github.event_name == 'pull_request' && 'table' || 'sarif' }}
-          exit-code: 1
-          vuln-type: os,library
-          ignore-unfixed: true
-          output: ${{ github.event_name != 'pull_request' && 'trivy-report.sarif' || '' }}
-          hide-progress: false
-          scanners: vuln,secret,config
-
-      - name: Upload Trivy security scan results
-        if: github.event_name != 'pull_request'
-        uses: github/codeql-action/upload-sarif@main
-        with:
-          sarif_file: trivy-report.sarif
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
@@ -23,4 +23,9 @@ jobs:
           ignore-unfixed: true
           output: 'trivy-report.sarif'
           hide-progress: false
-          scanners: vuln,secret,config
+          scanners: vuln,secret,config
+
+      - name: Upload Trivy report
+        uses: github/codeql-action/upload-sarif@main
+        with:
+          sarif_file: trivy-report.sarif