⬆️ Updates eslint to v9 #786
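---
# Scans the repository with Trivy and publishes the resulting SARIF report to
# the GitHub Security tab. Triggered by pushes to master and by pull requests.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository's default scopes. The SARIF upload needs
# `security-events: write`; consider granting only that plus `contents: read`
# once the needs of .automation/trivy-security-scan.sh (not visible here) are
# confirmed.
name: Container Security Scan with Trivy

on:
  push:
    branches:
      - master
  pull_request:

jobs:
  scan-container:
    name: Build
    # NOTE(review): the ubuntu-18.04 hosted image has been retired upstream;
    # confirm and move to a supported runner label, otherwise the scan
    # never runs and the Security tab silently stops being refreshed.
    runs-on: ubuntu-18.04
    steps:
      ######################
      # Checkout code base #
      ######################
      # NOTE(review): actions in this job are referenced by mutable major
      # tags (v1/v2). Pinning each `uses:` to a reviewed full commit SHA
      # (<COMMIT_SHA>) prevents a retagged release from changing what runs,
      # which matters most for the third-party file-existence action below.
      - name: Checkout code
        uses: actions/checkout@v2

      # ##########################
      # # Build the docker image #
      # ##########################
      # - name: Build an image from Dockerfile
      #   run: |
      #     docker build -t docker.io/github/super-linter:${{ github.sha }} .

      ###########################################
      # Download and install Trivy and template #
      ###########################################
      # SUPPLY CHAIN: both downloads follow the moving `master` branch and
      # nothing verifies them before use; install.sh is piped straight into
      # `sh` on the runner. Pin both URLs to a reviewed release tag or commit
      # (<PINNED_REF>) and compare against a known digest before executing.
      - name: Download and Install Trivy
        shell: bash
        run: |
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/install.sh | sh -s -- -b "${GITHUB_WORKSPACE}"
          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/master/contrib/sarif.tpl -o sarif.tpl

      #################################
      # Run Trivy Scan of source code #
      #################################
      # The script is not part of this file; presumably it writes
      # report.sarif, which the following steps look for - confirm.
      - name: Trivy Scan
        shell: bash
        run: ./.automation/trivy-security-scan.sh

      ###########################################
      # Check generated report of security scan #
      ###########################################
      - name: Check file existence
        id: check_files
        uses: andstor/file-existence-action@v1
        with:
          files: 'report.sarif'

      #################################
      # Upload report to security tab #
      #################################
      # The upload is skipped when no report was produced, so a scan that
      # fails to write report.sarif leaves the job green with nothing
      # published. NOTE(review): consider failing the job in that case.
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        if: steps.check_files.outputs.files_exists == 'true'
        with:
          sarif_file: 'report.sarif'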