Add Trivy pipeline

2025-12-18 05:04:37 +03:00 · 2024-10-05 09:26:02 +10:00
parent 33d01a8946
commit f1567466b8
1 changed files with 21 additions and 11 deletions
--- a/.github/workflows/docker-buildx-dev.yml
+++ b/.github/workflows/docker-buildx-dev.yml
@@ -50,4 +50,14 @@ jobs:
            linux/arm/v7
            linux/arm/v6
          push: true
-            tags: ${{ github.repository }}:dev
+          tags: ${{ github.repository }}:${{ github.ref }}
+      -
+        name: Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: '${{ github.repository }}:${{ github.ref }}'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          #severity: 'CRITICAL,HIGH'