ci(pipeline.yml): #106 enable trivy iac scan for dockerfile,helm and kubernetes

abhisheksr01 · abhisheksr01 · commit f0630b23a040 · 2024-12-26T14:30:20.000Z
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml
@@ -108,7 +108,7 @@ jobs:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:
           args: --severity-threshold=high
-  sast-dockerfile-trivy-hadolint:
+  sast-iac-trivy-hadolint:
     runs-on: ubuntu-latest
     needs: build
     steps:
@@ -123,7 +123,6 @@ jobs:
           scan-type: config
           scan-ref: './'
           exit-code: 1
-          severity: 'CRITICAL,HIGH'
           trivy-config: ./config/trivy/trivy.yaml
   docker-build-push:
     if: github.ref == 'refs/heads/main'
@@ -133,7 +132,7 @@ jobs:
       - mutation-test
       - dependency-vulnerability-analysis
       - sast-code-snyk
-      - sast-dockerfile-trivy-hadolint
+      - sast-iac-trivy-hadolint
     steps:
       - uses: actions/checkout@v4
         with:
diff --git a/config/trivy/trivy.yaml b/config/trivy/trivy.yaml
@@ -1,3 +1,12 @@
 misconfiguration:
   scanners:
-    - dockerfile
+    - dockerfile
+    - helm
+    - kubernetes
+
+severity:
+  - UNKNOWN
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
