Skip to content

Trivy

Trivy #1083

Workflow file for this run

name: Trivy
on:
workflow_dispatch:
schedule:
- cron: "30 3 * * *"
env:
REGISTRY: ghcr.io/dataswift/hat:latest
jobs:
trivy-scan:
name: Trivy Scan
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- name: Container - Pull
run: docker pull ${{ env.REGISTRY }}
- name: Container - Scan
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ env.REGISTRY }}
format: "template"
template: "@/contrib/sarif.tpl"
output: "trivy-results.sarif"
severity: "CRITICAL,HIGH"
- name: Container - Result
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: "trivy-results.sarif"