Improved trivy code scanning

Author: maximmasiutin

.github/workflows/trivy-analysis.yaml

@@ -1,4 +1,4 @@
-name: Trivy
+name: Trivy Analysis
 
 permissions:
   contents: read
@@ -9,8 +9,10 @@ on:
   pull_request:
   workflow_dispatch:
   push:
-    branches:
-      - master
+
+env:
+  SARIF_FILE: 'trivy-results.sarif'
+
 jobs:
   build:
     name: Scan
@@ -19,17 +21,29 @@ jobs:
       - name: Checkout code
         uses: actions/[email protected]
 
-      - name: Run Trivy vulnerability scanner in repo mode
+      - name: Run Trivy vulnerability scanner on the cloned repository files
         uses: aquasecurity/[email protected]
         with:
+          version: 'v0.61.1'
           scan-type: 'fs'
-          scanners: 'vuln,misconfig,secret'
+          scanners: 'vuln,misconfig,secret,license'
           ignore-unfixed: true
           format: 'sarif'
-          output: 'trivy-results.sarif'
+          output: ${{ env.SARIF_FILE }}
           severity: 'CRITICAL'
 
+      - name: Check Trivy scan results existence
+        run: |
+          if [ ! -f "${{ env.SARIF_FILE }}" ]; then
+            echo "Error: ${{ env.SARIF_FILE }} does not exist."
+            exit 1
+          fi
+          ls -lash ${{ env.SARIF_FILE }}
+          
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/[email protected]
         with:
-          sarif_file: 'trivy-results.sarif'
+          sarif_file: ${{ env.SARIF_FILE }}
+
+
+