Scan Docker Image #115

	name: Scan Docker Image
	on:
	workflow_dispatch:
	schedule:
	# every monday at 10:00 UTC
	- cron: "0 10 * * 1"

	permissions:
	# used by trivy
	contents: read
	packages: read
	security-events: write

	jobs:
	scan-docker-image:
	name: Scan Docker Image
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'temurin'
	cache: maven

	- name: Get Image Name
	id: get-image-name
	run: echo "image-name=$(mvn help:evaluate -Dexpression=image.name -q -DforceStdout)" >> $GITHUB_OUTPUT

	- name: Scan Docker Image for Vulnerabilities
	uses: aquasecurity/[email protected]
	with:
	image-ref: ${{ steps.get-image-name.outputs.image-name }}
	format: sarif
	output: trivy-results.sarif

	- name: Upload Trivy Results to GitHub Security Tab
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: trivy-results.sarif

Provide feedback