From 203235e486957af0e1399420370630e003fd67f1 Mon Sep 17 00:00:00 2001
From: Hong Viet Le
Date: Tue, 26 Dec 2023 12:37:51 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20scan=20de=20vuln=C3=A9rabilit=C3=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .github/workflows/bats.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/bats.yml b/.github/workflows/bats.yml
index be0692c..23dd6d7 100644
--- a/.github/workflows/bats.yml
+++ b/.github/workflows/bats.yml
@@ -13,7 +13,7 @@ env:
 IMAGE_TAG: ${{ github.repository }}/bats:v1.10.0-curl
 jobs:
- build-and-push-docker-image:
+ build:
 runs-on: ubuntu-latest
 permissions:
 contents: read
@@ -38,6 +38,25 @@ jobs:
 push: true
 tags: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+ scan:
+ runs-on: ubuntu-latest
+ needs: build
+ steps:
+ - uses: docker/login-action@v3.0.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_TAG }}
+ format: 'table'
+ exit-code: '1'
+ ignore-unfixed: true
+ vuln-type: 'os,library'
+ severity: 'CRITICAL,HIGH'
+
 check:
 runs-on: ubuntu-latest
 steps:
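Review bot: The Trivy step in the new `scan` job references `aquasecurity/trivy-action@master`, a mutable branch, so whatever lands on that branch runs in this job right after `docker/login-action` has stored registry credentials on the runner; pin it to a full commit SHA with the release noted in a comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`. The job also declares no `permissions:` block, unlike `build`, so it inherits the workflow or repository default for `GITHUB_TOKEN`; if the registry is GHCR (REGISTRY is defined outside this hunk), `permissions:` with `packages: read` looks sufficient for pulling the image. Because `scan` has `needs: build` and `build` pushes with `push: true`, the image is already published under its tag when a CRITICAL/HIGH finding fails the job, so the exit code gates only jobs that depend on `scan`; whether `check` does is not visible here, as its body continues past the hunk.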