From 6fe7945dc608b978324f9795b6979bd9f81f14f0 Mon Sep 17 00:00:00 2001
From: seaweedbrain
Date: Sat, 6 Jul 2024 11:29:17 -0400
Subject: [PATCH] Add trivy scan
---
 .github/workflows/security_scan.yml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/security_scan.yml b/.github/workflows/security_scan.yml
index 5189f44..0b6e312 100644
--- a/.github/workflows/security_scan.yml
+++ b/.github/workflows/security_scan.yml
@@ -15,7 +15,7 @@ on:
 jobs:
-  security_scan_analysis:
+  semgrep_scan:
     name: Smegrep Scan Analysis
     runs-on: ubuntu-latest
     steps:
@@ -31,4 +31,20 @@ jobs:
         run: python3 -m pip install semgrep
       - name: Run semgrep
-        run: semgrep scan --error
\ No newline at end of file
+        run: semgrep scan --error
+  trivy_scan:
+    name: Trivy Scan Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Install Trivy
+        run: |
+          apt-get install wget apt-transport-https gnupg lsb-release
+          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add -
+          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | tee -a /etc/apt/sources.list.d/trivy.list
+          apt-get update
+          apt-get install trivy
+      - name: Run Trivy on filesystem
+        run: trivy fs --scanners vuln,misconfig,secret,license --severity HIGH,CRITICAL --exit-code 1 .
+
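Review bot: The "Install Trivy" step in the second hunk runs `apt-get install`, `apt-key add` and `tee -a /etc/apt/sources.list.d/trivy.list` without `sudo` and without `-y`, so on the unprivileged, non-interactive ubuntu-latest runner the package installs will either fail on permissions or abort at the confirmation prompt, and the job never reaches the scan. `apt-key` is also deprecated; the repository signing key should be dearmored into a keyring and bound to the source with `signed-by=` so that key only authorises the Trivy repository rather than every apt source on the runner. The install pulls whatever Trivy version the repository currently serves, so results are not reproducible across runs; pinning a version (or using the vendor's GitHub action pinned to a commit SHA, and likewise pinning `actions/checkout@v3` to a SHA) would make the scan deterministic and narrow the supply-chain exposure of a workflow whose purpose is security gating. The semgrep job's `name: Smegrep Scan Analysis` in the first hunk is pre-existing context but the typo could be fixed in the same change.
```yaml
      - name: Install Trivy
        run: |
          sudo apt-get update
          sudo apt-get install -y wget apt-transport-https gnupg lsb-release
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install -y trivy
      # … unchanged: Run Trivy on filesystem step …
```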