author | Valery Piashchynski <[email protected]> | 2022-02-21 19:25:57 +0300 |
---|---|---|
committer | GitHub <[email protected]> | 2022-02-21 19:25:57 +0300 |
commit | 83723b8e9bb4884f200a3c29d72ebdd7ec7f015e (patch) | |
tree | 0ff4458c4a2bb804702f8627530aed889a1de2fb | |
parent | 6f690001175859149910eadc33f4306ba2e3015d (diff) | |
parent | 7be6110f1e18e4d174a4deee005a33f9b27728b0 (diff) |
[#1020]: feat(docker): migrate to the `trivy` action instead of `grype`
-rw-r--r-- | .github/workflows/tests.yml | 16 | ||||
-rw-r--r-- | .grype.yaml | 4 |
2 files changed, 11 insertions, 9 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a557d95c..324c76ad 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -149,8 +149,14 @@ jobs:
 - name: Try to execute
 run: docker run --rm rr:local -v
 
- - name: Install grype
- run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
- - name: Scan Image
- run: grype rr:local
+ - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action>
+ with:
+ image-ref: rr:local
+ format: sarif
+ severity: MEDIUM,HIGH,CRITICAL
+ exit-code: 1
+ output: trivy-results.sarif
+
+ - uses: github/codeql-action/upload-sarif@v1
+ if: always()
+ with: {sarif_file: trivy-results.sarif}
diff --git a/.grype.yaml b/.grype.yaml
deleted file mode 100644
index e65794d2..00000000
--- a/.grype.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-ignore:
- # temporary ignore this CVE as false positive on the Go package
- - vulnerability: CVE-2015-5237
- - vulnerability: CVE-2021-22570
|
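Review bot: Both new steps in `.github/workflows/tests.yml` reference third-party actions by a movable ref: `github/codeql-action/upload-sarif@v1` is a major-version tag, and the trivy-action ref (obscured on this page by e-mail obfuscation) looks like a version tag too. The code that runs with the job token can therefore change without a commit in this repository; pinning each to a full commit SHA with the version as a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v1`, would close that. The upload step also needs `security-events: write` on the job token, which the hunk does not show being granted, so on pull requests from forks the upload is likely to fail even though `if: always()` forces it to run. With `exit-code: 1` and MEDIUM included the scan now gates the build, yet the two suppressions deleted with `.grype.yaml` get no trivy counterpart; if trivy reports either finding, a `.trivyignore` carrying the same justification comment would be needed, and `ignore-unfixed: true` would keep findings with no available fix from blocking merges. The job definition starts outside the hunk, so permissions and triggers could not be checked here.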