Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create trivy.yml #16

Draft
wants to merge 14 commits into
base: master
Choose a base branch
from
Draft

Create trivy.yml #16

Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
339d10a
Create trivy.yml
wangjingz Nov 18, 2024
d7bdddf
Update trivy.yml
wangjingz Nov 18, 2024
604036d
Update trivy.yml
wangjingz Nov 18, 2024
28cfe7f
Update trivy.yml
wangjingz Nov 18, 2024
9e3f2ee
Update trivy.yml
wangjingz Nov 18, 2024
bc3dbaf
Update trivy.yml
wangjingz Nov 19, 2024
889d82d
Update trivy.yml
wangjingz Nov 19, 2024
09061a0
Update trivy.yml
wangjingz Nov 19, 2024
890d327
Update trivy.yml
wangjingz Nov 19, 2024
88ea846
Update trivy.yml
wangjingz Nov 19, 2024
1ad5ae9
Update trivy.yml
wangjingz Nov 19, 2024
1dd43e3
Update trivy.yml
wangjingz Nov 20, 2024
31c1720
Update trivy.yml
wangjingz Nov 22, 2024
a59ff5f
Update trivy.yml
wangjingz Nov 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 79 additions & 0 deletions .github/workflows/trivy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.

name: Trivy-scan

on:
push:
branches: [ "master" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "master" ]
schedule:
- cron: '31 17 * * 2'
#env:
#TRIVY_JAVA_DB_REPOSITORY: github/aquasecurity/trivy-java-db:1
#TRIVY_DB_REPOSITORY: github/aquasecurity/trivy-db:2

permissions:
contents: read

jobs:
build:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
name: Build
runs-on: "ubuntu-22.04"
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check disk space
run: df -h
#- name: Clear Git Untracked Files
#run: |
# git clean -fdx
#- name: Clear GitHub Actions Cache
# uses: actions/cache@v2
# with:
# key: ${{ runner.os }}-build-${{ hashFiles('**/lockfile') }}
# path: |
# node_modules
# ~/Library/Caches/
# action: clean
- name: Build an image from Dockerfile
run: |
# docker build -t docker.io/my-organization/my-app:${{ github.sha }} .
sudo docker system prune -f
sudo docker image prune -f
sudo docker container prune -f
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo systemctl daemon-reload
sudo systemctl restart docker
cd ./ivsr_ffmpeg_plugin
./build_docker.sh --enable_ov_patch true --ov_version 2022.3
- name: Check disk space
run: df -h

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@7b7aa264d83dc58691451798b4d117d53d21edfe
env:
TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db
TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db
with:
image-ref: 'ffmpeg_ivsr_sdk_ov2022.3'
#format: 'template'
#template: '@/contrib/sarif.tpl'
format: 'sarif'
ignore-unfixed: true
vuln-type: 'os,library'
output: 'trivy-ivsr-results.sarif'
severity: 'CRITICAL,HIGH'

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-ivsr-results.sarif'
Loading