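# Reusable workflow that scans a container image with Trivy.
# Callers invoke it through `workflow_call` and pass the image reference to scan.
name: Run Trivy Image Scanner

on:
  workflow_call:
    inputs:
      image:
        description: 'The image to test'
        required: true
        type: string

jobs:
  # NOTE(review): the job id says "build-go" but the steps only run Trivy scans.
  # Kept unchanged in case callers or required-check rules reference this id.
  build-go:
    runs-on: docker
    container:
      image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/pipeline-container/trivy:0.56.2
    steps:
      - name: Clone Repository
        # NOTE(review): `@main` is a mutable ref, so the action's code can change
        # without any change to this file. Pin to a reviewed commit SHA.
        uses: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/checkout@main

      - name: Run trivy image scan
        # The caller-supplied input is handed to the shell as an environment
        # variable instead of being expanded into the script text. With
        # `${{ inputs.image }}` inline, shell metacharacters in the value would
        # be parsed as script; as "$IMAGE" the value stays a single argument.
        env:
          IMAGE: ${{ inputs.image }}
        run: |
          set -e
          # NOTE(review): TRIVY_INSECURE=true turns off TLS certificate
          # verification for registry connections, so the scanned image is not
          # authenticated against the registry. Presumably needed for an
          # internal registry certificate; prefer trusting that CA in the
          # scanner container and dropping this setting.
          # NOTE(review): without `--exit-code`, Trivy exits 0 even when it
          # reports findings, so `set -e` only stops the job on scanner errors.
          # Decide whether findings at some severity should fail the caller.
          # `--` ends option parsing so a value starting with `-` is treated as
          # the image name and not as a Trivy flag.
          TRIVY_INSECURE=true trivy image --scanners license,vuln,secret -- "$IMAGE"
          TRIVY_INSECURE=true trivy image --image-config-scanners secret,misconfig -- "$IMAGE"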