@@ -61,17 +61,32 @@ jobs:
6161 labels : ${{ steps.meta.outputs.labels }}
6262 cache-from : type=gha
6363 cache-to : type=gha,mode=max
64- - name : Run Trivy vulnerability scanner
65- if : ${{ github.event_name != 'pull_request' }}
66- uses :
aquasecurity/[email protected] 64+ # - name: Run Trivy vulnerability scanner
65+ # if: ${{ github.event_name != 'pull_request' }}
66+ # uses: aquasecurity/[email protected] 67+ # with:
68+ # exit-code: '1'
69+ # image-ref: ${{ fromJSON(steps.build.outputs.metadata)['image.name'] }}
70+ # format: 'github'
71+ # github-pat: ${{ github.token }}
72+ # env:
73+ # TRIVY_USERNAME: Username
74+ # TRIVY_PASSWORD: Password
75+ - name : Generate Trivy Vulnerability Report
76+ uses : aquasecurity/trivy-action@master
6777 with :
68- exit-code : ' 1'
6978 image-ref : ${{ fromJSON(steps.build.outputs.metadata)['image.name'] }}
70- format : ' github'
71- github-pat : ${{ github.token }}
72- env :
73- TRIVY_USERNAME : Username
74- TRIVY_PASSWORD : Password
79+ output : trivy-report.json
80+ format : json
81+ exit-code : 0
82+
83+ - name : Upload Vulnerability Scan Results
84+ uses : actions/upload-artifact@v4
85+ with :
86+ name : trivy-report
87+ path : trivy-report.json
88+ retention-days : 30
89+
7590 - name : Build Docker Image
7691 uses : docker/build-push-action@v6
7792 id : build-and-push
0 commit comments