trivy.yml
# This is a basic workflow to help you get started with Actions
name: Trivy Scan

# Controls when the action will run. Triggers the workflow on pull request
# events, but only for pull requests targeting the master branch
on:
  pull_request:
    branches: [master]
    types: [opened, synchronize, reopened]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "trivy"
  trivy:
    # The type of runner that the job will run on
    runs-on: [self-hosted, linux, codebuild]

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3

      # Scans the checked-out repository's filesystem, using the settings in
      # trivy.yaml at the workspace root
      - name: Run Trivy vulnerability scanner in repo mode
        uses: aquasecurity/trivy-action@0.28.0
        with:
          scan-type: "fs"
          scan-ref: "${{ github.workspace }}"
          trivy-config: "${{ github.workspace }}/trivy.yaml"