build(deps): Bump github/codeql-action from 2 to 3 #746

Summary
Jobs
- Trivy scan
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/security-analysis.yml at f826c4b

	name: Security analysis

	on:
	push:
	branches:
	- main
	pull_request:
	schedule:
	- cron: '0 0 * * 1'

	jobs:
	security-analysis:
	name: Trivy scan
	runs-on: ubuntu-latest
	env:
	CACHE_PATH: ${{ github.workspace }}/.buildx-cache

	steps:
	- name: Checkout repository
	if: github.event_name != 'schedule'
	uses: actions/checkout@v4

	- name: Set up QEMU
	if: github.event_name != 'schedule'
	uses: docker/setup-qemu-action@v3

	- name: Set up Docker Buildx
	if: github.event_name != 'schedule'
	uses: docker/setup-buildx-action@v3

	- name: Cache Docker layers
	if: github.event_name != 'schedule'
	uses: actions/cache@v3
	with:
	path: ${{ env.CACHE_PATH }}
	key: ${{ runner.os }}-buildx-${{ github.sha }}
	restore-keys: \|
	${{ runner.os }}-buildx-

	- name: Build docker-salt-master image
	if: github.event_name != 'schedule'
	uses: docker/[email protected]
	with:
	context: .
	file: ./Dockerfile
	cache-from: \|
	type=local,src=${{ env.CACHE_PATH }}
	ghcr.io/cdalvaro/docker-salt-master:latest
	cache-to: type=local,dest=${{ env.CACHE_PATH }}
	pull: true
	load: true
	tags: ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}

	- name: Download and tag latest image
	if: github.event_name == 'schedule'
	run: \|
	docker pull ghcr.io/cdalvaro/docker-salt-master:latest
	docker tag ghcr.io/cdalvaro/docker-salt-master:latest ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'ghcr.io/cdalvaro/docker-salt-master:${{ github.sha }}'
	format: 'template'
	template: '@/contrib/sarif.tpl'
	output: 'trivy-results.sarif'

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump github/codeql-action from 2 to 3 #746

Workflow file

build(deps): Bump github/codeql-action from 2 to 3 #746

Jobs

Run details

Workflow file for this run