Skip to content

Security Scan

Security Scan #4

Workflow file for this run

name: Security Scan
on:
schedule:
- cron: "0 1 * * 6"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
security-scan:
runs-on: ubuntu-22.04
timeout-minutes: 5
steps:
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5 # 0.8.0
env:
TRIVY_USERNAME: ${{ github.repository_owner }}
TRIVY_PASSWORD: ${{ github.token }}
with:
image-ref: ghcr.io/${{ github.repository }}:latest
ignore-unfixed: true
vuln-type: "os"
severity: "CRITICAL,HIGH"
format: "sarif"
output: "trivy-results.sarif"
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
with:
sarif_file: "trivy-results.sarif"