
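---
# Trivy vulnerability scanning for the source tree and the two application
# images. Every scan step fails the job (exit-code: 1) on CRITICAL/HIGH
# findings that have a fix available and are not listed in .trivyignore.
name: Trivy Security Scans

# Least privilege: the workflow only needs to read the repository. Setting
# permissions explicitly makes every unlisted scope (packages, id-token,
# security-events, ...) "none" for GITHUB_TOKEN.
permissions:
  contents: read
  # Needed if you later add SARIF upload to GitHub Security
  # security-events: write

# yamllint disable-line rule:truthy
on:
  push:
    branches:
      - main
      - development
  pull_request:
    branches:
      - main
      - development
  schedule:
    - cron: "0 8 * * 1"  # Weekly on Mondays at 8 AM UTC

jobs:
  filesystem-scan:
    name: Trivy Filesystem Scan (Source Code)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave GITHUB_TOKEN in .git/config where later steps
          # (the third-party scanner below) could read it.
          persist-credentials: false

      - name: Scan source code (Filesystem) with Trivy
        # TODO(security): pin to a release tag or, better, a full commit SHA.
        # "@master" is a mutable ref, so an upstream compromise of the action
        # runs arbitrary code in this job.
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: fs
          scan-ref: .
          format: table
          exit-code: 1
          # Hides findings with no available fix; they are still present in
          # the tree, just not actionable yet.
          ignore-unfixed: true
          severity: CRITICAL,HIGH
          # Use .trivyignore to suppress known false positives. Review changes
          # to that file as security-relevant: on pull_request runs it is
          # taken from the PR head, so a PR can suppress its own findings.
          trivyignores: .trivyignore

  image-scan:
    name: Trivy Docker Image Scan (Backend & Frontend)
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # No registry login: both images are built and scanned locally and are
      # never pushed, so a GITHUB_TOKEN login to ghcr.io would only hand the
      # job a credential it does not use (and with just `contents: read`
      # granted above the token could not read private packages anyway).
      # If a Dockerfile needs a private ghcr.io base image, add
      # `packages: read` to permissions and reinstate a docker/login-action
      # step here.

      - name: Build backend Docker image
        # --load ensures the image lands in the local daemon even when the
        # active buildx builder uses the docker-container driver (the
        # setup-buildx-action default); without it `image-ref` below may not
        # resolve.
        run: docker build --load -t adventurelog-backend ./backend

      - name: Build frontend Docker image
        run: docker build --load -t adventurelog-frontend ./frontend

      - name: Scan backend Docker image with Trivy
        # TODO(security): pin to a release tag or full commit SHA (see above).
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: adventurelog-backend
          format: table
          exit-code: 1
          ignore-unfixed: true
          severity: CRITICAL,HIGH
          trivyignores: .trivyignore

      - name: Scan frontend Docker image with Trivy
        # TODO(security): pin to a release tag or full commit SHA (see above).
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: adventurelog-frontend
          format: table
          exit-code: 1
          ignore-unfixed: true
          severity: CRITICAL,HIGH
          trivyignores: .trivyignore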