Skip to content

Commit

Permalink
feat: added security scanning to pull requests (#32)
Browse files Browse the repository at this point in the history
  • Loading branch information
stefanfreitag authored Oct 22, 2023
1 parent 2b9a45d commit 6a2cf4c
Showing 1 changed file with 30 additions and 0 deletions.
30 changes: 30 additions & 0 deletions .github/workflows/tf-module-actions.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,33 @@ jobs:
output-file: README.md
output-method: inject
git-push: "true"
- name: Run Trivy vulnerability scanner in IaC mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'config'
hide-progress: false
format: 'sarif'
output: 'trivy-config-results.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-config-results.sarif'
category: 'Trivy IaC Scan'
- name: Run Trivy vulnerability scanner in Filesystem mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
hide-progress: false
format: 'sarif'
output: 'trivy-fs-results.sarif'
exit-code: '1'
ignore-unfixed: true
severity: 'CRITICAL,HIGH,MEDIUM'
- name: Upload Trivy Filesystem scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-fs-results.sarif'
category: 'Trivy Filesystem Scan'

0 comments on commit 6a2cf4c

Please sign in to comment.