From b7d710d08c6f3212c72fc9194d98daa7ffa55bbd Mon Sep 17 00:00:00 2001
From: Maaike
Date: Sun, 3 Nov 2024 16:57:37 +0100
Subject: [PATCH] rename, matrix scan, only scan images built in this repo
---
 .github/workflows/trivy.yml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/trivy.yml
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 00000000..644a6645
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,30 @@
+name: Run Trivy vulnerability scanner
+
+
+on: [ push ]
+
+matrix:
+
+
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image: ['wis2box-management', 'wis2box-mqtt-metrics-collector', 'wis2box-broker']
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Build docker image ${{ matrix.image }}
+        run: |
+          docker build -t ${{ matrix.image }}:test ${{ matrix.image }}
+      - name: Run Trivy vulnerability scanner on ${{ matrix.image }}
+        if: always()
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: ${{ matrix.image }}:test
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
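Review bot: The stray top-level `matrix:` key with an empty value (between `on:` and `jobs:`) is not a recognised workflow key, so GitHub rejects the file as invalid before any job runs; delete that line, since the real matrix already sits under `strategy:`. `if: always()` on the scan step makes Trivy run even when the build step failed or the job was cancelled, so it then fails on a missing `image-ref` and hides the real build error — drop the `if:` (default `success()` behaviour) unless the intent is to scan regardless. Both actions are referenced by mutable tags (`actions/checkout@v2`, which is also a deprecated runtime, and `aquasecurity/trivy-action@0.20.0`); pinning each to a full commit SHA and adding a top-level `permissions: { contents: read }` would keep the job token read-only and narrow the supply-chain exposure of a workflow that builds and scans on every push.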