Add trivy scanner to workflow
EHJ-52n committed Dec 2, 2024
1 parent 440727a commit ae98ddd
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions .github/workflows/docker-build-push-read2burn.yml
Expand Up @@ -93,3 +93,30 @@ jobs:
GIT_COMMIT=${{ github.sha }}
BUILD_DATE=${{ steps.vars.outputs.build_date }}
BUILD_ID=${{ steps.vars.outputs.build_id }}
-
name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
env:
#
# Using AWS repository to circumvent TOOMANYREQUEST error from github repository
#
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db:1
#
# Original GitHub repository
#
# TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db:2
# TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db:1
#
#
# Disable VEX notice
#
TRIVY_DISABLE_VEX_NOTICE: disable_vex_notice
with:
image-ref: "${{ env.IMAGE_TAG }}"
format: 'table'
output: 'trivy-results.txt'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
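Review bot: `uses: aquasecurity/trivy-action@master` pulls the scanner from a mutable branch, so the action that runs in this job can change (or be replaced) without any change to this repository; pin it to a release tag or, better, a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<sha> # vX.Y.Z`, and let Dependabot bump it. Separately, `exit-code: '0'` together with `ignore-unfixed: true` means a CRITICAL or HIGH finding never fails the build, and because `output: 'trivy-results.txt'` redirects the table into a file, nothing in this hunk uploads or reads that file, so the results are effectively discarded at the end of the job. Either set `exit-code: '1'` so the scan gates the push, or add an `actions/upload-artifact` step (or switch `format` to `sarif` and upload to code scanning) so the report is retained. Minor: `TRIVY_DISABLE_VEX_NOTICE` only needs to be non-empty; the value `disable_vex_notice` works but reads as if it were a keyword, so `'true'` would be clearer.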
