From c2b33072ba842cdc7722bcd520665c56aff00f9a Mon Sep 17 00:00:00 2001
From: Antony Messerli <antony@mes.ser.li>
Date: Sat, 1 Feb 2025 17:47:55 -0600
Subject: [PATCH] Test trivy for PRs

---
 .github/workflows/build.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 0bf191d..23dcfcb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,4 +16,14 @@ jobs:
         fetch-depth: '0'
 
     - name: Build the Docker image
-      run: docker build .
+      run: docker build -t docker-netbootxyz:${{ github.sha }} .
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@0.28.0
+      with:
+        image-ref: 'docker-netbootxyz:${{ github.sha }}'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'