From d20a9554008ad2b78088446e32a840776563e1b6 Mon Sep 17 00:00:00 2001
From: Ilya Kheifets
Date: Thu, 4 Jul 2024 18:01:09 +0200
Subject: [PATCH] ci: scan docker image on CVEs

Signed-off-by: Ilya Kheifets
---
 .github/workflows/axosyslog-image-test.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/axosyslog-image-test.yml b/.github/workflows/axosyslog-image-test.yml
index 0b53373b92..cf82f70f1c 100644
--- a/.github/workflows/axosyslog-image-test.yml
+++ b/.github/workflows/axosyslog-image-test.yml
@@ -63,3 +63,11 @@ jobs:
 export SYSLOG_NG_IMAGE="axosyslog:test"
 export SYSLOG_NG_VERSION="${{ needs.tarball.outputs.snapshot-version }}"
 docker/tests/smoke.sh
+
+ - name: Scan docker image on CVEs
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: 'axosyslog:test'
+ format: 'table'
+ exit-code: '1'
+ severity: 'CRITICAL,HIGH,MEDIUM,LOW'
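Review bot: `uses: aquasecurity/trivy-action@master` runs whatever the third-party action's master branch holds at job time, so an upstream change or a compromised upstream repository executes in this workflow without any review here. Pin it to a full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>` (placeholder; take the SHA from the release you have vetted). With `exit-code: '1'` and `severity: 'CRITICAL,HIGH,MEDIUM,LOW'` the job also fails on findings that have no fixed package yet, which tends to get a scan step switched off; consider adding `ignore-unfixed: true`, or gating only on `CRITICAL,HIGH` and reporting the rest. The job's `permissions` and the rest of the workflow are outside the hunk, so whether this step runs with a write-capable token cannot be judged from here.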