Skip to content

Bump aquasecurity/trivy-action from 0.12.0 to 0.19.0 #400

Bump aquasecurity/trivy-action from 0.12.0 to 0.19.0

Bump aquasecurity/trivy-action from 0.12.0 to 0.19.0 #400

name: image-scanning
on:
push:
pull_request:
jobs:
use-trivy-to-scan-image:
name: image-scanning
if: (github.actor == 'dependabot[bot]' && github.event_name == 'pull_request') || ( github.actor != 'dependabot[bot]' && github.event_name == 'push' )
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix:
target:
- karmada-controller-manager
- karmada-scheduler
- karmada-descheduler
- karmada-webhook
- karmada-agent
- karmada-scheduler-estimator
- karmada-interpreter-webhook-example
- karmada-aggregated-apiserver
- karmada-search
- karmada-operator
- karmada-metrics-adapter
steps:
- name: checkout code
uses: actions/checkout@v3
- name: Build an image from Dockerfile
run: |
export VERSION="latest"
export REGISTRY="docker.io/karmada"
make image-${{ matrix.target }}
- name: Run Trivy vulnerability scanner
uses: aquasecurity/[email protected]
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'sarif'
ignore-unfixed: true
vuln-type: 'os,library'
output: 'trivy-results.sarif'
- name: display scan results
uses: aquasecurity/[email protected]
with:
image-ref: 'docker.io/karmada/${{ matrix.target }}:latest'
format: 'table'
ignore-unfixed: true
vuln-type: 'os,library'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'trivy-results.sarif'