Skip to content

Commit

Permalink
fixup! feat: feat: add trivy vulnerability check
Browse files Browse the repository at this point in the history
  • Loading branch information
emanuelaepure10 committed Jun 19, 2024
1 parent 1f8c686 commit c23b317
Showing 1 changed file with 26 additions and 17 deletions.
43 changes: 26 additions & 17 deletions .github/workflows/check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,23 +115,32 @@ jobs:
mkdir -p build/target/hale-studio-linux-trivy
tar -xzf build/target/hale-studio-*linux*.tar.gz -C build/target/hale-studio-linux-trivy
- name: Install Trivy
run: |
sudo apt-get update
sudo apt-get install -y wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install -y trivy
trivy --version
- name: Verify Trivy installation
run: |
trivy --version
- name: Run Trivy scan
run: |
trivy fs --severity CRITICAL,HIGH build/target/hale-studio-linux-trivy --format sarif --output trivy-results.sarif
# - name: Install Trivy
# run: |
# sudo apt-get update
# sudo apt-get install -y wget apt-transport-https gnupg lsb-release
# wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
# echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
# sudo apt-get update
# sudo apt-get install -y trivy
# trivy --version

# - name: Verify Trivy installation
# run: |
# trivy --version

# - name: Run Trivy scan
# run: |
# trivy fs --severity CRITICAL,HIGH build/target/hale-studio-linux-trivy --format sarif --output trivy-results.sarif

- name: Run Trivy vulnerability scanner in fs mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: 'build/target/hale-studio-linux-trivy'
format: 'sarif'
severity: 'CRITICAL,HIGH'
output: 'trivy-results.sarif'

- name: Upload Trivy SARIF report
uses: github/codeql-action/upload-sarif@v1
Expand Down

0 comments on commit c23b317

Please sign in to comment.