Commit ba51c4e

author
Gonzalo Diaz
committed
[CONFIG] [Github Actions] Docker flow, trivy issue workaround.
aquasecurity/trivy-action#389 (comment)
1 parent e4aac98 commit ba51c4e

1 file changed

+12
-28
lines changed

.github/workflows/docker-image.yml

Lines changed: 12 additions & 28 deletions
@@ -157,7 +157,7 @@ jobs:
157157
with:
158158
sarif_file: "snyk.sarif"
159159
scan:
160-
name: "Trivy (sarif)"
160+
name: "Trivy"
161161
runs-on: ubuntu-latest
162162
needs: build
163163
permissions:
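Review bot: The rename on the `name:` line from "Trivy (sarif)" to "Trivy" changes the check name that this job reports, so any branch protection rule or ruleset that lists "Trivy (sarif)" as a required status check will keep waiting on a check that no longer appears. Confirm the required checks are updated together with this change, and mention the rename in the commit message so the reason for the new name is on record.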
@@ -176,40 +176,24 @@ jobs:
176176
docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
177177
docker image ls -a
178178
179-
- name: Run Trivy vulnerability scanner
179+
- name: Run Trivy vulnerability scanner (cli report)
180+
uses: aquasecurity/[email protected]
181+
with:
182+
image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
183+
format: "table"
184+
env:
185+
TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
186+
187+
- name: Run Trivy vulnerability scanner (sarif report)
180188
uses: aquasecurity/[email protected]
181189
with:
182190
image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
183191
format: "sarif"
184192
output: "trivy-results.sarif"
193+
env:
194+
TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}
185195

186196
- name: Upload Trivy scan results to GitHub Security tab
187197
uses: github/codeql-action/upload-sarif@v3
188198
with:
189199
sarif_file: "trivy-results.sarif"
190-
env:
191-
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
192-
193-
report:
194-
name: "Trivy (report)"
195-
runs-on: ubuntu-latest
196-
needs: build
197-
steps:
198-
- name: Download artifact
199-
uses: actions/download-artifact@v4
200-
with:
201-
name: ${{ env.ARTIFACT_NAME }}_prod
202-
path: /tmp/
203-
204-
- name: Load image
205-
run: |
206-
docker load --input /tmp/${{ env.ARTIFACT_NAME }}_prod.tar
207-
docker image ls -a
208-
209-
- name: Run Trivy vulnerability scanner
210-
uses: aquasecurity/[email protected]
211-
with:
212-
image-ref: ${{ env.IMAGE_NAME }}:${{ github.sha }}
213-
format: "table"
214-
env:
215-
ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }}
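Review bot: Both new `env:` blocks set `TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }}` with no fallback, and an unset configuration variable evaluates to an empty string, so in a fork or a fresh clone of the repository the two Trivy steps run with an empty value instead of a usable database location. This value also decides where the vulnerability database is pulled from, which makes it a trust decision that now lives outside the workflow file; add a comment beside it naming the expected repository and linking the upstream issue from the commit message, and consider a default in the expression (`vars.TRIVY_DB_REPOSITORY || '<expected repository>'`, placeholder to be filled by the author). Since the identical block appears on both the "cli report" and "sarif report" steps, declaring it once as a job-level `env:` under `scan:` would keep the two scans from drifting apart. Neither step sets an `exit-code` input in the lines shown, so if findings are meant to fail the job, that needs to be stated on one of them.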
