feat: scanning the entire repository

halestudio · May 28, 2024 · a8c969b · a8c969b
1 parent 39a97bc
commit a8c969b
Showing 1 changed file with 27 additions and 13 deletions.
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -26,6 +26,7 @@ jobs:
       actions: write # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Build
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -34,19 +35,19 @@ jobs:
       #  run: |
       #    docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
 
-      - name: Run Trivy vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@master
-        with:
+      #- name: Run Trivy vulnerability scanner in fs mode
+      #  uses: aquasecurity/trivy-action@master
+      #  with:
           # image-ref: 'docker.io/my-organization/my-app:${{ github.sha }}'
-          scan-type: 'fs'
-          scan-ref: '.'
+          #scan-type: 'fs'
+          #scan-ref: '.'
           #exit-code: '0'
           #ignore-unfixed: true
-          format: 'sarif'
+          #format: 'sarif'
           #vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH,MEDIUM'
+          #severity: 'CRITICAL,HIGH,MEDIUM'
           #template: '/sarif.tpl'
-          output: 'trivy-results.sarif'
+          #output: 'trivy-results.sarif'
           #skip-dirs: "ignored-dir"
           #trivy-config: trivy.yaml
 
@@ -56,10 +57,10 @@ jobs:
       #    name: trivy-results
       #    path: trivy-results.sarif
 
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: 'trivy-results.sarif'
+      #- name: Upload Trivy scan results to GitHub Security tab
+      #  uses: github/codeql-action/upload-sarif@v2
+      #  with:
+      #    sarif_file: 'trivy-results.sarif'
 
 
       #- name: Create Pull Request
@@ -69,4 +70,17 @@ jobs:
       #    title: 'ci: Update vulnerability list'
       #    body: Update the vulnerability list
       #    branch: update-vulnerabilities
-      #    base: master
+      #    base: master
+
+
+      - name: Install Trivy
+        run: |
+          sudo apt-get update
+          sudo apt-get install wget -y
+          wget https://github.com/aquasecurity/trivy/releases/download/v0.34.0/trivy_0.34.0_Linux-64bit.deb
+          sudo dpkg -i trivy_0.34.0_Linux-64bit.deb
+
+      - name: Scan the entire repository
+        run: |
+          echo "Scanning the entire repository..."
+          trivy fs .