Skip to content

feature: updates to trivy code scanner #42

feature: updates to trivy code scanner

feature: updates to trivy code scanner #42

Workflow file for this run

name: Trivy Scanner
on:
pull_request:
push:
branches:
- develop
schedule:
- cron: "0 21 * * 0"
jobs:
scan:
name: Analyze Code
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- uses: actions/setup-dotnet@v4
with:
dotnet-version: "8.0.x"
- run: dotnet build CSETWebApi/CSETWeb_API/CSETWeb_ApiCore
- name: Run vulnerability scanner
uses: aquasecurity/[email protected]
with:
# format: "sarif"
# output: "trivy-results.sarif"
scan-type: fs
severity: CRITICAL,HIGH
skip-files: CSETWebApi/CSETWeb_Api/CSETWebCore.UpgradeLibrary/VersionUpgrader/SQL/*.sql
# - name: Upload scan results to Security tab
# uses: github/codeql-action/upload-sarif@v3
# if: always()
# with:
# sarif_file: "trivy-results.sarif"