Docker Image Scan #3

	name: docker-image-scan
	on:
	workflow_dispatch:

	jobs:
	build:
	name: Build
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3
	- id: trivy-db
	name: Check trivy db sha
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	endpoint='/orgs/aquasecurity/packages/container/trivy-db/versions'
	headers='Accept: application/vnd.github+json'
	jqFilter='.[] \| select(.metadata.container.tags[] \| contains("latest")) \| .name \| sub("sha256:";"")'
	sha=$(gh api -H "${headers}" "${endpoint}" \| jq --raw-output "${jqFilter}")
	echo "Trivy DB sha256:${sha}"
	echo "::set-output name=sha::${sha}"
	- uses: actions/cache@v3
	with:
	path: .trivy
	key: ${{ runner.os }}-trivy-db-${{ steps.trivy-db.outputs.sha }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: 'docker.io/holomekc/wiremock-gui'
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	cache-dir: .trivy
	- name: Fix .trivy permissions
	run: sudo chown -R $(stat . -c %u:%g) .trivy

Provide feedback