diff options
| -rw-r--r-- | .github/workflows/tests.yml | 18 | ||||
| -rw-r--r-- | .grype.yaml | 4 |
2 files changed, 12 insertions, 10 deletions
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a557d95c..a62d38be 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -136,7 +136,7 @@ jobs: retention-days: 10 docker-image: - name: Build docker image + name: Build and scan docker image runs-on: ubuntu-latest needs: [ golangci-lint, go-test ] steps: @@ -149,8 +149,14 @@ jobs: - name: Try to execute run: docker run --rm rr:local -v - - name: Install grype - run: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin - - - name: Scan Image - run: grype rr:local + - uses: aquasecurity/[email protected] # action page: <https://github.com/aquasecurity/trivy-action> + with: + image-ref: rr:local + format: sarif + severity: MEDIUM,HIGH,CRITICAL + exit-code: 1 + output: trivy-results.sarif + + - uses: github/codeql-action/upload-sarif@v1 + if: always() + with: {sarif_file: trivy-results.sarif} diff --git a/.grype.yaml b/.grype.yaml deleted file mode 100644 index e65794d2..00000000 --- a/.grype.yaml +++ /dev/null @@ -1,4 +0,0 @@ -ignore: - # temporary ignore this CVE as false positive on the Go package - - vulnerability: CVE-2015-5237 - - vulnerability: CVE-2021-22570 |