authorParamtamtam <[email protected]>2022-02-21 16:56:45 +0500
committerParamtamtam <[email protected]>2022-02-21 16:56:45 +0500
commit06dcb5aa411e1466dd664217c9432395c9ee3538 (patch)
tree09fa61d47b61e443273878ab09f94cf88a3ee613
parent6f690001175859149910eadc33f4306ba2e3015d (diff)
Migrate to the another docker scanning action
-rw-r--r--.github/workflows/tests.yml18
-rw-r--r--.grype.yaml4
2 files changed, 12 insertions, 10 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a557d95c..a62d38be 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -136,7 +136,7 @@ jobs:
retention-days: 10
docker-image:
- name: Build docker image
+ name: Build and scan docker image
runs-on: ubuntu-latest
needs: [ golangci-lint, go-test ]
steps:
@@ -149,8 +149,14 @@ jobs:
- name: Try to execute
run: docker run --rm rr:local -v
- - name: Install grype
- run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
- - name: Scan Image
- run: grype rr:local
+ - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action>
+ with:
+ image-ref: rr:local
+ format: sarif
+ severity: MEDIUM,HIGH,CRITICAL
+ exit-code: 1
+ output: trivy-results.sarif
+
+ - uses: github/codeql-action/upload-sarif@v1
+ if: always()
+ with: {sarif_file: trivy-results.sarif}
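Review bot: The added `uses: aquasecurity/trivy-action@…` step pins a third-party action to a version tag, which the upstream owner can move; pin it to a full commit SHA and keep the version in the trailing comment, e.g. `- uses: aquasecurity/trivy-action@<full-commit-sha> # <version tag>`. The `github/codeql-action/upload-sarif@v1` step needs `security-events: write` on the workflow token, and no `permissions:` block is visible in this hunk (the job body starts outside it), so confirm the `docker-image` job declares it, ideally with nothing broader than `contents: read` beside it. The deleted `.grype.yaml` suppressed CVE-2015-5237 and CVE-2021-22570 as false positives. With `exit-code: 1` at `MEDIUM,HIGH,CRITICAL` the job will fail if Trivy reports them too, so carry the suppression over in a `.trivyignore` with the same explanatory comment if it still applies.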
diff --git a/.grype.yaml b/.grype.yaml
deleted file mode 100644
index e65794d2..00000000
--- a/.grype.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore:
- # temporary ignore this CVE as false positive on the Go package
- - vulnerability: CVE-2015-5237
- - vulnerability: CVE-2021-22570