Skip to content
This repository has been archived by the owner on Mar 20, 2024. It is now read-only.

Commit

Permalink
Added trivy to public-ci
Browse files Browse the repository at this point in the history
Signed-off-by: phansGithub <[email protected]>
  • Loading branch information
phansGithub committed Nov 14, 2023
1 parent 38317c2 commit 38d1a3d
Showing 1 changed file with 46 additions and 0 deletions.
46 changes: 46 additions & 0 deletions .github/workflows/public-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -116,3 +116,49 @@ jobs:
- name: unit-tests
run: make test

# Trivy Scan
trivy-scan:
runs-on: ubuntu-latest
permissions: write-all
steps:

- name: Checkout code
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0

- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
ignore-unfixed: true
format: 'sarif'
output: 'trivy-results.sarif'
severity: 'CRITICAL'

- name: Build image
run: make image

- name: Generate .tar image
run: docker save -o vul-image.tar localhost:5000/afxdp-device-plugin:latest


- name: Run Trivy on tarballed image
uses: aquasecurity/trivy-action@master
with:
image-ref: /github/workspace/vul-image.tar
scan-type: 'fs'
ignore-unfixed: false
format: 'sarif'
output: 'trivy-image-results.sarif'
severity: 'CRITICAL'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'

- name: Print sarif file
run: cat < trivy-results.sarif

- name: Print image sarif file
run: cat trivy-image-results.sarif

0 comments on commit 38d1a3d

Please sign in to comment.