Commit

Add trivy scan
SeaweedbrainCY committed Jul 6, 2024
1 parent b7090f3 commit 6fe7945
Showing 1 changed file with 18 additions and 2 deletions.
20 changes: 18 additions & 2 deletions .github/workflows/security_scan.yml
Expand Up @@ -15,7 +15,7 @@ on:


jobs:
security_scan_analysis:
semgrep_scan:
name: Smegrep Scan Analysis
runs-on: ubuntu-latest
steps:
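Review bot: the display name on the line right after the renamed job id, `name: Smegrep Scan Analysis`, misspells Semgrep, and this is the name that shows up as the check on pull requests. Since the job id is being changed here anyway, correct the name in the same commit. If a branch protection rule or another job's `needs:` refers to the old id `security_scan_analysis` or to the check name, update it together with this change so the scan stays a required gate.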
Expand All @@ -31,4 +31,20 @@ jobs:
run: python3 -m pip install semgrep

- name: Run semgrep
run: semgrep scan --error
run: semgrep scan --error
trivy_scan:
name: Trivy Scan Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install Trivy
run: |
apt-get install wget apt-transport-https gnupg lsb-release
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | tee -a /etc/apt/sources.list.d/trivy.list
apt-get update
apt-get install trivy
- name: Run Trivy on filesystem
run: trivy fs --scanners vuln,misconfig,secret,license --severity HIGH,CRITICAL --exit-code 1 .
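Review bot: the "Install Trivy" step calls `apt-get`, `apt-key add` and `tee -a /etc/apt/sources.list.d/trivy.list` without `sudo`, and both `apt-get install` lines lack `-y`. On a GitHub-hosted `ubuntu-latest` runner the steps run as an unprivileged user with no terminal attached, so this step is likely to fail before Trivy is ever installed. Prefix the privileged commands with `sudo` and add `-y` to the installs. Separately, `apt-key add` is deprecated and trusts the downloaded key for every configured repository. Store the key in a dedicated keyring file and reference it with `signed-by=` in the `deb` line, so that key can only vouch for the Trivy repository. `actions/checkout@v3` is referenced by a mutable tag. Pinning it to a full commit SHA would keep the workflow that runs the security scan from changing underneath you. The removed and re-added `run: semgrep scan --error` line looks like an end-of-file newline change only; ending the file with a newline after the final `trivy fs` line avoids the same noise in the next diff.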
