conduwuit/.github/workflows/trivy.yml
strawberry d2facaee0b bump various dependencies
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-07-10 22:00:46 -04:00

43 lines
940 B
YAML

name: Trivy code and vulnerability scanning
on:
pull_request:
push:
branches:
- main
tags:
- '*'
schedule:
- cron: '00 12 * * *'
permissions:
contents: read
jobs:
trivy-scan:
name: Trivy Scan
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
actions: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Run Trivy code and vulnerability scanner on repo
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: repo
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH,MEDIUM,LOW
- name: Run Trivy code and vulnerability scanner on filesystem
uses: aquasecurity/trivy-action@0.24.0
with:
scan-type: fs
format: sarif
output: trivy-results.sarif
severity: CRITICAL,HIGH,MEDIUM,LOW