Skip to content

update path-to-regexp to a non-vulnerable version #14

update path-to-regexp to a non-vulnerable version

update path-to-regexp to a non-vulnerable version #14

# name: Trivy Artifact Scanning
# on:
# # push:
# # branches: [ master ]
# # paths:
# # - "plural/**"
# # - ".github/workflows/trivy-artifact-scan.yaml"
# # pull_request:
# # branches: [ master ]
# # paths:
# # - "plural/**"
# # - ".github/workflows/trivy-artifact-scan.yaml"
# # schedule:
# # - cron: '0 0 * * 1'
# workflow_dispatch:
# jobs:
# trivy-scan:
# name: Trivy IaC scan
# runs-on: ubuntu-20.04
# permissions:
# contents: read # for actions/checkout to fetch code
# security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
# actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
# steps:
# - name: Checkout code
# uses: actions/checkout@v3
# - name: Run Trivy vulnerability scanner in IaC mode
# uses: aquasecurity/trivy-action@master
# with:
# scan-type: 'fs'
# scan-ref: 'plural'
# hide-progress: false
# format: 'sarif'
# output: 'trivy-results.sarif'
# security-checks: 'vuln,secret,config'
# ignore-unfixed: true
# #severity: 'CRITICAL,HIGH'
# env:
# TRIVY_SKIP_DB_UPDATE: true
# TRIVY_SKIP_JAVA_DB_UPDATE: true
# - name: Upload Trivy scan results to GitHub Security tab
# uses: github/codeql-action/upload-sarif@v2
# with:
# sarif_file: 'trivy-results.sarif'