blob: 4bb06dc0427ed21e217faa903266bcfdc7ea6388 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
name: trivy
on:
# schedule:
# - cron: '59 11 * * *'
workflow_dispatch:
permissions: {}
jobs:
trivy:
runs-on: ubuntu-latest
permissions:
contents: read
security-events: write
strategy:
matrix:
tag:
- latest
- full
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
show-progress: false
- uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
with:
image-ref: ghcr.io/renovatebot/renovate:${{ matrix.tag }}
format: 'sarif'
output: 'trivy-results.sarif'
- uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
sarif_file: trivy-results.sarif
category: 'docker-image-${{ matrix.tag }}'
|