blob: 384d273da8cb6ff9c1938dfd360d21755158eb2f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
name: trivy
on:
# schedule:
# - cron: '59 11 * * *'
workflow_dispatch:
permissions: {}
jobs:
trivy:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
matrix:
tag:
- latest
- full
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
show-progress: false
- uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
with:
image-ref: ghcr.io/renovatebot/renovate:${{ matrix.tag }}
format: 'sarif'
output: 'trivy-results.sarif'
- uses: github/codeql-action/upload-sarif@8a93837afdf1873301a68d777844b43e98cd4313 # v3.27.8
with:
sarif_file: trivy-results.sarif
category: 'docker-image-${{ matrix.tag }}'
|