Diffstat (limited to '.github')
-rw-r--r--.github/workflows/tests.yml18
1 files changed, 12 insertions, 6 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a557d95c..a62d38be 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -136,7 +136,7 @@ jobs:
retention-days: 10
docker-image:
- name: Build docker image
+ name: Build and scan docker image
runs-on: ubuntu-latest
needs: [ golangci-lint, go-test ]
steps:
@@ -149,8 +149,14 @@ jobs:
- name: Try to execute
run: docker run --rm rr:local -v
- - name: Install grype
- run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
-
- - name: Scan Image
- run: grype rr:local
+ - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action>
+ with:
+ image-ref: rr:local
+ format: sarif
+ severity: MEDIUM,HIGH,CRITICAL
+ exit-code: 1
+ output: trivy-results.sarif
+
+ - uses: github/codeql-action/upload-sarif@v1
+ if: always()
+ with: {sarif_file: trivy-results.sarif}
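Review bot: Both new `uses:` steps reference actions by tag rather than by commit SHA: `github/codeql-action/upload-sarif@v1` is a moving major tag, and the Trivy action reference (its version is garbled on this page) is also a tag that its publisher can repoint. Pin each to a full commit SHA with the version kept as a trailing comment, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha> # v1`, so a retagged release cannot change what runs in this job. The upload step also needs `security-events: write` on the job token; no `permissions:` block is visible here (the `docker-image` job starts in the previous hunk and the lines between the two hunks are not shown), so confirm it is granted, and expect the upload to fail on pull requests from forks, where the token is read-only. Since `exit-code: 1` can fail the scan step before a report exists, consider guarding the upload with `if: always() && hashFiles('trivy-results.sarif') != ''` so a missing file does not mask the real failure.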