[#227] Update trivy scanner

nimblehq · Jan 9, 2024 · dbd86c7 · dbd86c7
1 parent 190d62d
commit dbd86c7
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/.github/workflows/test-generated-project.yml b/.github/workflows/test-generated-project.yml
@@ -48,9 +48,18 @@ jobs:
         run: terraform fmt -recursive -check
 
       - name: Run trivy linter
-        uses: aquasecurity/trivy-action@0.12.0
+        uses: aquasecurity/trivy-action@0.16.1
         with:
           image-ref: '.'
-          scan-type: 'fs'
           scan-ref: '.'
+          scan-type: 'fs'
+          hide-progress: false
+          format: 'json'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: false
           trivy-config: trivy.yaml
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
diff --git a/templates/addons/versionControl/github/.github/workflows/lint.yml b/templates/addons/versionControl/github/.github/workflows/lint.yml
@@ -36,3 +36,15 @@ jobs:
         uses: aquasecurity/[email protected]
         with:
           image-ref: '.'
+          scan-ref: '.'
+          scan-type: 'fs'
+          hide-progress: false
+          format: 'json'
+          output: 'trivy-results.sarif'
+          ignore-unfixed: false
+          trivy-config: trivy.yaml
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'