Skip to content

Merge pull request #62 from grom72/SRE-2505-trivy #219

Merge pull request #62 from grom72/SRE-2505-trivy

Merge pull request #62 from grom72/SRE-2505-trivy #219

Workflow file for this run

# SPDX-License-Identifier: BSD-2-Clause-Patent
# Copyright (c) 2024 Intel Corporation.
name: Trivy scan
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
push:
branches: ["master", "release/**"]
pull_request:
branches: ["master", "release/**"]
# Declare default permissions as nothing.
permissions: {}
jobs:
scan:
name: Scan with Trivy
# Trivy scan may use cached CVEs database if cache already exists.
# Otherwise, the Trivy scan tool downloads CVEs database itself.
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Run Trivy vulnerability scanner in filesystem mode (table format)
uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # 0.28.0
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: 'utils/trivy/trivy.yaml'