From d84c4b3f344a516f2b244163526c940a8b748d69 Mon Sep 17 00:00:00 2001
From: Yash Singh <syash@vmware.com>
Date: Sat, 18 Mar 2023 20:46:59 +0530
Subject: [PATCH] Added trivy-scan

Signed-off-by: Yash Singh <syash@vmware.com>
---
 .github/workflows/trivy-scan.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 .github/workflows/trivy-scan.yaml

diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml
new file mode 100644
index 000000000..2e73a0d00
--- /dev/null
+++ b/.github/workflows/trivy-scan.yaml
@@ -0,0 +1,28 @@
+name: Trivy Security Scan
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  build:
+    name: build
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee  # master
+        with:
+          scan-type: 'fs'
+          severity: 'CRITICAL,HIGH'
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@16964e90ba004cdf0cd845b866b5df21038b7723  # v2.2.6
+        with:
+          sarif_file: 'trivy-results.sarif'
+          category: 'code'