Merge pull request #57 from BretFisher/dependabot/github_actions/aqua… #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Call Trivy | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| jobs: | |
| scan: | |
| name: Scan | |
| permissions: read-all | |
| ### use Reusable Workflows to call my workflow remotely | |
| ### https://docs.github.com/en/actions/learn-github-actions/reusing-workflows | |
| ### you can also call workflows from inside the same repo via file path | |
| #FIXME: customize uri to point to your own linter repository | |
| uses: bretfisher/github-actions-templates/.github/workflows/reusable-trivy-scan-image.yaml@main | |
| secrets: | |
| ### registry auth | |
| registry-username: ${{ github.actor }} | |
| registry-password: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| ### REQUIRED | |
| ### image to scan | |
| image: 'ghcr.io/bretfisher/github-actions-templates:latest' | |
| ### defaults to 0, which doesn't fail job if CVEs are found | |
| ### set to 1 to fail (blocking) if CVEs (of your severities) are found | |
| # exit-code: 0 | |
| ### Comma delimited list of severities to scan for UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL | |
| ### default is HIGH,CRITICAL | |
| # severity: HIGH,CRITICAL | |
| ### Ignore unpatched/unfixed vulnerabilities | |
| ### defaults to true | |
| # ignore-unfixed: true | |
| ### Upload scan results to GitHub Security tab | |
| ### defaults to false | |
| # upload-results: false |