Skip to content

Trivy Vulnerability Scan (Repo mode) #21

Trivy Vulnerability Scan (Repo mode)

Trivy Vulnerability Scan (Repo mode) #21

Workflow file for this run

name: Trivy Vulnerability Scan (Repo mode)
on:
workflow_dispatch:
jobs:
run_trivy_scan:
name: Run Trivy Scan
runs-on: ubuntu-latest
env:
LOCAL_REPOSITORY_PATH: ./build/publications/repos
steps:
- uses: actions/checkout@v3
- uses: spring-io/spring-gradle-build-action@v2
- name: Publish to local repo (poms)
run: |
./gradlew publishMavenJavaPublicationToLocalRepository
- name: Run Trivy scan in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '${{ env.LOCAL_REPOSITORY_PATH }}/org/springframework/pulsar'
trivy-config: trivy.yaml
# - name: Output Trivy scan results
# if: always()
# run: |
# cat trivy-results.json
# - name: Upload Trivy scan results
# uses: actions/upload-artifact@v3
# if: always()
# with:
# name: trivy-results
# path: trivy-results.json
# retention-days: 3