Skip to content

Commit

Permalink
ci: synced file(s) with honestbank/.github
Browse files Browse the repository at this point in the history
  • Loading branch information
honestbank-bot committed Dec 12, 2024
1 parent e069206 commit a882366
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions .github/workflows/trivy.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
---
name: Trivy Security Scan

# permissions required for the action, restricting to read-only for repository contents.
permissions:
contents: read

on:
pull_request:
branches:
- main

jobs:
trivy-security-scan:
name: Run Trivy Security Scan
runs-on: ubuntu-latest

steps:
- name: Checkout Repository
uses: actions/checkout@v4
with:
submodules: "recursive" # Ensure any submodules are included in the scan.
token: ${{ secrets.ENGINEERING_GITHUB_PERSONAL_ACCESS_TOKEN }}

# Run Trivy Configuration Scan with specified options.
- name: Run Trivy Security Scan
uses: aquasecurity/trivy-action@0.28.0
with:
scan-type: 'config'
trivy-config: 'trivy.yaml'

0 comments on commit a882366

Please sign in to comment.