feat: Add trivy vulnerability scanner in CI process

sebastian-software · Aug 15, 2024 · b76ca06 · b76ca06
1 parent 697493b
commit b76ca06
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/.github/workflows/github-actions-test.yml b/.github/workflows/github-actions-test.yml
@@ -7,6 +7,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in fs mode
+        uses: aquasecurity/[email protected]
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          trivy-config: trivy.config.yaml
       - uses: actions/setup-node@v4
         with:
           node-version: 20

diff --git a/trivy.config.yaml b/trivy.config.yaml
@@ -0,0 +1,3 @@
+format: json
+exit-code: 1
+severity: CRITICAL