Migrate to the another docker scanning action

author: Paramtamtam <[email protected]> 2022-02-21 16:56:45 +0500
committer: Paramtamtam <[email protected]> 2022-02-21 16:56:45 +0500
commit: 06dcb5aa411e1466dd664217c9432395c9ee3538 (patch)
tree: 09fa61d47b61e443273878ab09f94cf88a3ee613 /.github
parent: 6f690001175859149910eadc33f4306ba2e3015d (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a557d95c..a62d38be 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -136,7 +136,7 @@ jobs:
           retention-days: 10
 
   docker-image:
-    name: Build docker image
+    name: Build and scan docker image
     runs-on: ubuntu-latest
     needs: [ golangci-lint, go-test ]
     steps:
@@ -149,8 +149,14 @@ jobs:
       - name: Try to execute
         run: docker run --rm rr:local -v
 
-      - name: Install grype
-        run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
-      - name: Scan Image
-        run: grype rr:local
+      - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action>
+        with:
+          image-ref: rr:local
+          format: sarif
+          severity: MEDIUM,HIGH,CRITICAL
+          exit-code: 1
+          output: trivy-results.sarif
+
+      - uses: github/codeql-action/upload-sarif@v1
+        if: always()
+        with: {sarif_file: trivy-results.sarif}
author	Paramtamtam <[email protected]>	2022-02-21 16:56:45 +0500
committer	Paramtamtam <[email protected]>	2022-02-21 16:56:45 +0500
commit	06dcb5aa411e1466dd664217c9432395c9ee3538 (patch)
tree	09fa61d47b61e443273878ab09f94cf88a3ee613 /.github
parent	6f690001175859149910eadc33f4306ba2e3015d (diff)