Skip to content

Merge pull request #126 from distributary-dami/patch-1 #28

Merge pull request #126 from distributary-dami/patch-1

Merge pull request #126 from distributary-dami/patch-1 #28

---
name: trivy-analysis
# yamllint disable-line rule:truthy
on:
push:
branches:
- main
pull_request:
concurrency:
group: trivy-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
trivy-analysis:
name: trivy-analysis
runs-on: "ubuntu-22.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build an image from Dockerfile
run: |
docker build -t docker.io/dokku/ci-docker-image:${{ github.sha }} .
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: "docker.io/dokku/ci-docker-image:${{ github.sha }}"
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: "trivy-results.sarif"