
Trivy

Trivy #67

Workflow file for this run

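# Builds the repository's Docker image, scans it with Trivy for CRITICAL and
# HIGH findings, and uploads the SARIF report to GitHub code scanning.
name: Trivy

on:
  push:
    branches: ["main", "future"]
  pull_request:
    branches: ["main", "future"]
  schedule:
    # Weekly re-scan (Sundays, 07:19 UTC) so newly published advisories are
    # reported even when the image itself has not changed.
    - cron: '19 7 * * 0'

# Workflow-wide default is a read-only token; the job below widens it only as
# far as the SARIF upload requires.
permissions:
  contents: read

jobs:
  build:
    permissions:
      contents: read  # for actions/checkout to fetch code
      security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
    name: Analyze
    # NOTE(review): GitHub has retired the hosted ubuntu-18.04 image. Unless
    # this label maps to a self-hosted runner, the job will not be scheduled;
    # move to a currently supported image.
    runs-on: "ubuntu-18.04"
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v3, @v2). Pinning each `uses:` to a full commit SHA keeps a re-tagged
      # release from running with this job's token.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Build an image from Dockerfile
        # github.sha is a commit hash supplied by GitHub, not free-form user
        # text, so interpolating it into the script does not open an injection
        # path. It also gives every scanned image a unique, traceable tag.
        run: |
          docker build -t runner-serverless:${{ github.sha }} .

      - name: Run Trivy vulnerability scanner
        # The reference on the captured page was garbled by e-mail obfuscation
        # ("aquasecurity/[email protected]"). The inputs below match
        # aquasecurity/trivy-action; the release is not recoverable from the
        # page, so replace the placeholder before use, ideally with a full
        # commit SHA.
        uses: aquasecurity/trivy-action@<RELEASE_TAG_OR_COMMIT_SHA>
        with:
          image-ref: "runner-serverless:${{ github.sha }}"
          # SARIF is produced through the template bundled with the action.
          format: "template"
          template: "@/contrib/sarif.tpl"
          output: "trivy-results.sarif"
          # Report-only: no `exit-code` input is set, so with the action's
          # default findings do not fail the job. MEDIUM and LOW findings are
          # left out of the report entirely.
          severity: "CRITICAL,HIGH"
        env:
          # Comma-separated vulnerability-DB sources. Presumably the second is
          # a fallback for when the first is unavailable; confirm that the
          # Trivy release in use accepts a list here.
          TRIVY_DB_REPOSITORY: "ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db"

      - name: Upload Trivy scan results to GitHub Security tab
        # Relies on the job's security-events: write permission. Pull requests
        # from forks normally receive a read-only token, so expect this step to
        # fail for them unless it is skipped for such events.
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: "trivy-results.sarif"
          category: "Trivy"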