chore(sage-monorepo): update Trivy repo scanning workflow (ARCH-320) (#…

…2902)
Sage-Bionetworks · Nov 4, 2024 · 8bed666 · 8bed666
1 parent d341394
commit 8bed666
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/.github/workflows/scan-repo.yml b/.github/workflows/scan-repo.yml
@@ -4,17 +4,21 @@ on:
     branches:
       - main
   pull_request:
+  schedule:
+    # Every Thursday at 7:29 PM
+    - cron: 29 19 * * 4
+  workflow_dispatch:
 
 jobs:
   trivy:
     name: Trivy
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@0.28.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -24,7 +28,7 @@ jobs:
           limit-severities-for-sarif: true
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'
           category: Git Repository