First attempt using aquasecurity/trivy-action to scan for CVEs during…

… build.
ActiveState · Aug 26, 2024 · dd9b717 · dd9b717
1 parent bd82284
commit dd9b717
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -214,6 +214,16 @@ jobs:
         shell: bash
         run: parallelize results Build-Executor
 
+      - # === Scan for CVEs (Linux only) ===
+        name: Scan for CVEs
+        if: runner.os == 'Linux'
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: fs
+          scan-ref: build
+          format: table
+          exit-code: 1
+
       - # === Prepare Windows Cert ===
         name: Prepare Windows Cert
         shell: bash
@@ -424,7 +434,7 @@ jobs:
         name: Install Go
         uses: actions/setup-go@v3
         with:
-          go-version: ${{ matrix.go-version }}
+          go-version: 1.22.x
 
       - # === Install State Tool ===
         name: Install State Tool