Diffstat (limited to '.github/workflows/cyber.yml')
-rw-r--r--.github/workflows/cyber.yml28
1 files changed, 28 insertions, 0 deletions
diff --git a/.github/workflows/cyber.yml b/.github/workflows/cyber.yml
new file mode 100644
index 00000000..27a2c9b7
--- /dev/null
+++ b/.github/workflows/cyber.yml
@@ -0,0 +1,28 @@
+name: cyber
+
+on:
+ workflow_call:
+
+jobs:
+ trivy:
+ name: Trivy scan
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL'
+
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
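Review bot: The Trivy step references `aquasecurity/trivy-action@master`, a mutable branch, so whatever lands on that branch runs in this job with the job's token and the checked-out source the next time the workflow is called; pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>` (placeholder values). `actions/checkout@v4` and `github/codeql-action/upload-sarif@v2` are movable tags too and would benefit from the same pinning. The `trivy` job also declares no `permissions:`, so it runs with whatever the calling workflow grants; a job-level block limited to `contents: read` and `security-events: write` looks sufficient for the visible checkout and SARIF upload steps and keeps the token scoped to what the scan needs.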