fixup! feat: feat: add trivy vulnerability check

halestudio · Jun 19, 2024 · c23b317 · c23b317
1 parent 1f8c686
commit c23b317
Showing 1 changed file with 26 additions and 17 deletions.
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
@@ -115,23 +115,32 @@ jobs:
           mkdir -p build/target/hale-studio-linux-trivy
           tar -xzf build/target/hale-studio-*linux*.tar.gz -C build/target/hale-studio-linux-trivy
 
-      - name: Install Trivy
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y wget apt-transport-https gnupg lsb-release
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install -y trivy
-          trivy --version
-
-      - name: Verify Trivy installation
-        run: |
-          trivy --version
-
-      - name: Run Trivy scan
-        run: |
-          trivy fs --severity CRITICAL,HIGH build/target/hale-studio-linux-trivy --format sarif --output trivy-results.sarif
+      # - name: Install Trivy
+      #   run: |
+      #     sudo apt-get update
+      #     sudo apt-get install -y wget apt-transport-https gnupg lsb-release
+      #     wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+      #     echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+      #     sudo apt-get update
+      #     sudo apt-get install -y trivy
+      #     trivy --version
+
+      # - name: Verify Trivy installation
+      #   run: |
+      #     trivy --version
+
+      # - name: Run Trivy scan
+      #   run: |
+      #     trivy fs --severity CRITICAL,HIGH build/target/hale-studio-linux-trivy --format sarif --output trivy-results.sarif
+
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: 'build/target/hale-studio-linux-trivy'
+          format: 'sarif'
+          severity: 'CRITICAL,HIGH'
+          output: 'trivy-results.sarif'
 
       - name: Upload Trivy SARIF report
         uses: github/codeql-action/upload-sarif@v1