Trivy Vulnerability Scan (Repo mode) #5

	name: Trivy Vulnerability Scan (Repo mode)

	on:
	workflow_dispatch:

	jobs:
	run_trivy_scan:
	name: Run Trivy Scan
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: spring-io/spring-gradle-build-action@v2
	- name: Build
	run: \|
	./gradlew clean build -x integrationTest -x test
	curdir=$(pwd)
	echo "*** BONO curdir = $curdir"
	mkdir $curdir/maven-repo-local
	echo "*** BONO created..."
	mrl=$(ls $curdir/maven-repo-local)
	echo $mrl
	./gradlew --info -Dmaven.repo.local=$curdir/maven-repo-local pTML
	echo "*** BONO after pTML..."
	mrl=$(ls $curdir/maven-repo-local)
	echo $mrl
	- name: Run Trivy scan in repo mode
	uses: aquasecurity/trivy-action@master
	with:
	scan-type: 'fs'
	ignore-unfixed: true
	format: 'table'
	output: 'trivy-results.txt'
	severity: 'CRITICAL,HIGH'
	file-patterns: 'pom:.*\.pom'
	scan-ref: '/github/workspace/maven-repo-local/org/springframework/pulsar'
	exit-code: 1
	- name: Upload Trivy scan results
	if: failure()
	uses: actions/upload-artifact@v3
	with:
	name: trivy-results
	path: 'trivy-results.txt'
	retention-days: 3

Provide feedback