Merge pull request #260 from liquibase/DAT-16012

DAT-16012

DevOps :: Resolve security issues in docker repo

.github/workflows/trivy.yml

@@ -31,7 +31,7 @@ jobs:
 
       - name: Build an image from Dockerfile
         run: |
-          docker build -t liquibase/liquibase:${{ github.sha }} .
+          docker build -f Dockerfile -t liquibase/liquibase:${{ github.sha }} .
 
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601
@@ -40,10 +40,28 @@ jobs:
           format: 'sarif'
           output: 'trivy-results.sarif'
 
+      - name: Build an image from Dockerfile (alpine)
+        run: |
+          docker build -f Dockerfile.alpine -t liquibase/liquibase-alpine:${{ github.sha }} .
+
+      - name: Run Trivy vulnerability scanner (alpine)
+        uses: aquasecurity/trivy-action@b77b85c0254bba6789e787844f0585cde1e56320
+        with:
+          image-ref: 'liquibase/liquibase-alpine:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results-alpine.sarif'
+
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: 'trivy-results.sarif'
+          category: 'eclipse-temurin'
+
+      - name: Upload Trivy scan results to GitHub Security tab (alpine)
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: 'trivy-results-alpine.sarif'
+          category: 'alpine'
 
       - name: Generate Security Report
         uses: rsdmike/[email protected]