test trivy.yml #5

Summary
Jobs
- trivy-scan
Run details
- Usage
- Workflow file

Workflow file for this run

	name: Trivy Scan

	on:
	push:
	branches:
	- master
	- develop
	- develop2

	pull_request:
	branches:
	- master
	- develop
	- develop2


	jobs:
	trivy-scan:
	runs-on: ubuntu-latest
	env:
	NAMESPACE: ${{ secrets.dev_namespace_docker_hub }}
	SERVICE_NAME: databreachdetector
	VERSION: latest # Modify this as needed or set dynamically based on your versioning scheme

	steps:
	- name: Checkout code
	uses: actions/checkout@v2

	- name: Build Docker image
	run: \|
	cd "${{ env.SERVICE_LOCATION }}"
	docker build . --file databreachdetector/Dockerfile --tag ${{ env.SERVICE_NAME }}:${{ env.VERSION }}

	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/[email protected]
	with:
	image-ref: 'docker.io/${{ env.SERVICE_NAME }}:${{ env.VERSION }}'
	format: 'sarif'
	output: 'trivy-results.sarif'

	- name: Report vulnerabilities in PR
	if: failure() && steps.scan.outcome == 'failure'
	env:
	GITHUB_TOKEN: ${{ inputs.github_token }}
	shell: bash
	run: \|
	echo -n "{\"body\":\"### Vulnerabilities detected\nThe following vulnerabilities of HIGH or CRITICAL severity has been detected in the code. Please resolve these before merging the pull request.\n\n" > result.json
	cat trivy.json \| sort \| uniq \| tr -d '\n' >> result.json
	echo "\"}" >> result.json
	curl -X POST -H "Accept: application/vnd.github+json" \
	-H "X-GitHub-Api-Version: 2022-11-28" \
	-H "Authorization: Bearer $GITHUB_TOKEN" \
	${{ github.event.pull_request.comments_url }} \
	-d @result.json

	- name: Upload Trivy scan results to GitHub Security tab
	uses: github/codeql-action/upload-sarif@v2
	with:
	sarif_file: 'trivy-results.sarif'

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test trivy.yml #5

Workflow file

test trivy.yml #5

Jobs

Run details

Workflow file for this run