Skip to content

Scan with Trivy

Scan with Trivy #23

Workflow file for this run

name: Scan with Trivy
on:
push:
branches:
- main
pull_request:
branches:
- "**"
schedule:
# Run once every morning
- cron: "36 7 * * *"
jobs:
trivy:
name: Trivy
runs-on: ubuntu-latest
timeout-minutes: 10
strategy:
fail-fast: false
matrix:
scan-type:
- fs
- config
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Trivy
uses: aquasecurity/[email protected]
with:
scan-ref: .
scan-type: ${{ matrix.scan-type }}
output: trivy-report.sarif.json
format: sarif
ignore-unfixed: true
hide-progress: false
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: trivy-report.sarif.json